You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Truncation decreases accuracy in health factors' computation.
Although truncation, in this case, still makes the code's logic work as expected, improving accuracy is vital for enabling clients to make more informed decisions.
🔍 Vulnerability
In the DSCEngine.sol smart contract, specifically in the _calculateHealthFactor() method, there is a loss of precision arising from the division operation with totalDscMinted as denominator.
Let's evaluate two hypothetical yet realistic users:
User 1 🧑🦱
Deposit: $343 of collateral in exchange for $100 worth of stablecoin value.
Variables:
collateralValueInUsd = 343.
totalDscMinted = 100
Real health factor = (343 * 0.5)/100 = 1.715
User 2 🙆
Deposit: $201 of collateral in exchange for $100 worth of stablecoin value.
Variables:
collateralValueInUsd = 201.
totalDscMinted = 100
Real health factor = (201 * 0.5)/100 = 1.005
Yet the health factors are different, the value returned by _calculateHealthFactor() is 1 for both users. This discrepancy arises because, while the code's division values are adjusted for decimals, the numerator isn't multiplied by a significant factor to treat the result as a real number instead of an integer.
📘 Notice ℹ️: Considering the existence of a public function for computing health factors in the contract, it's reasonable to assume the protocol isn't expecting clients to perform off-chain health factor computations.
📈 Impact
This imprecision, while not causing logical errors in the protocol, can introduce confusion for users leading to misconceptions about other user positions.
🛠️ Tools Used
Manual audit
Slither
🎯 Recommendations
To avoid truncation and get accurate health factor calculations:
Introduce a new constant named HEALTH_FACTOR_PRECISION. It's value should be 10^(desired number of decimals).
Adjust the _calculateHealthFactor() accordingly.
Add a getter function so clients can consult the new constant.
Some adjustments examples 🏗️
The adjusted code snippet would look like:
🚧 Note⚠️: This code has not been tested, it's meant to serve as a reference.
Update the contract's logic that deals with health factors' values to account for this new constant.
🚧 Note⚠️: It's crucial for users to be aware of the number of decimals in a health factor. Examples on how to consult certain information should be added in the final docs of the contract.
The text was updated successfully, but these errors were encountered:
Low1-HealthFactorPrecision-CarlosAlegreUr
Severity
Low Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol
📌 Summary
Truncation decreases accuracy in health factors' computation.
Although truncation, in this case, still makes the code's logic work as expected, improving accuracy is vital for enabling clients to make more informed decisions.
🔍 Vulnerability
In the
DSCEngine.sol
smart contract, specifically in the_calculateHealthFactor()
method, there is a loss of precision arising from the division operation withtotalDscMinted
as denominator.Let's evaluate two hypothetical yet realistic users:
User 1 🧑🦱
$343
of collateral in exchange for$100
worth of stablecoin value.collateralValueInUsd
= 343.totalDscMinted
= 100User 2 🙆
$201
of collateral in exchange for$100
worth of stablecoin value.collateralValueInUsd
= 201.totalDscMinted
= 100Yet the health factors are different, the value returned by
_calculateHealthFactor()
is 1 for both users. This discrepancy arises because, while the code's division values are adjusted for decimals, the numerator isn't multiplied by a significant factor to treat the result as a real number instead of an integer.📈 Impact
This imprecision, while not causing logical errors in the protocol, can introduce confusion for users leading to misconceptions about other user positions.
🛠️ Tools Used
🎯 Recommendations
To avoid truncation and get accurate health factor calculations:
Introduce a new constant named
HEALTH_FACTOR_PRECISION
. It's value should be10^(desired number of decimals)
.Adjust the
_calculateHealthFactor()
accordingly.Add a getter function so clients can consult the new constant.
Some adjustments examples 🏗️
The adjusted code snippet would look like:Update the contract's logic that deals with health factors' values to account for this new constant.
The text was updated successfully, but these errors were encountered: