Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Precision Loss in the Health Factor Calculation. #803

Open
codehawks-bot opened this issue Aug 5, 2023 · 4 comments
Open

Precision Loss in the Health Factor Calculation. #803

codehawks-bot opened this issue Aug 5, 2023 · 4 comments
Labels
ai-dup-102 ai-dup-505 ai-dup-706 ai-dup-736 ai-dup-831 ai-dup-917 ai-dup-948 ai-dup-995 finding-precision-loss-division medium

Comments

@codehawks-bot
Copy link

Precision Loss in the Health Factor Calculation.

Severity

Medium Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L330-L331

Summary - Vulnerability Details

Due to performing a multiplication on the result of a division, the _calculateHealthFactor loss precision while checking the collateralAdjustedForThreshold against the totalDscMinted.

(collateralAdjustedForThreshold * 1e18) / totalDscMinted;

Example:

Let's say the user collateral value in USD is $1001(in wei 1001000000000000000000) and the user tries to mint 500.5(in wei 500500000000000000000) DSC.

uint256 collateralAdjustedForThreshold = (collateralValueInUsd * LIQUIDATION_THRESHOLD) / LIQUIDATION_PRECISION;

After inserting the values in this formula 1001000000000000000000 * 50 / 100 the result will be 500000000000000000000.

We can see it lost 500000000000000000, the actual result should be 500500000000000000000 (500.5 DSC).

Due to that, if the user inserts the totalDscMinted value 500500000000000000000(which should be valid), he will see the DSCEngine__BreaksHealthFactor error.

(collateralAdjustedForThreshold * 1e18) / totalDscMinted;

Because this will return 999000999000999000 which is < than 1e18.

Impact

Users face the DSCEngine__BreaksHealthFactor error when such a calculation occurs.

Tools Used

Slither, Math, Solodit

Recommendations

Make sure to do all the multiplications before division.
@alymurtazamemon
Copy link

@hans-cyfrin May you please mention the reason for not considering it so I can discuss this?

@alymurtazamemon
Copy link

@hans-cyfrin @PatrickAlphaC Found the similar issue as valid Precision loss when calculating the health factor

@alymurtazamemon
Copy link

@PatrickAlphaC @hans-cyfrin I consider it a Medium issue because;

Impact: will be (Disruption of protocol functionality or availability)
Likelihood: will be Highly likely to happen. (Many calculations will result in decimals where this issue can happen)

And the impact vs. likelihood matrix shows it as H/M so at least it should be a medium issue.

@PatrickAlphaC
Copy link
Member

This is 100% a low issue:

IMPACT: Low - the collateral requirements a a little higher when using weird values due to a small rounding error
Likelihood: Medium - users will have to hit very specific low amounts for them to run into this

This is a low

@PatrickAlphaC PatrickAlphaC reopened this Sep 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ai-dup-102 ai-dup-505 ai-dup-706 ai-dup-736 ai-dup-831 ai-dup-917 ai-dup-948 ai-dup-995 finding-precision-loss-division medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@PatrickAlphaC @alymurtazamemon @hans-cyfrin @codehawks-bot