Skip to content

Latest commit

 

History

History
51 lines (31 loc) · 3.06 KB

040.md

File metadata and controls

51 lines (31 loc) · 3.06 KB
Raw

Skinny Blood Mallard

Medium

Lack of integer bounds on the immutable variable exchangeRateDenominator leads to incorrect calculations in preFeeStableAmountEquivalent and postFeeStableAmountEquivalent

Summary

The variable exchangeRateDenominator is not bounded to a specific range which may lead to incorrect calculations when calculating the fees in preFeeStableAmountEquivalent and consequently in postFeeStableAmountEquivalent.

Root Cause

The variable exchangeRateDenominator isn't bound to a specific range which leads to incorrect fee calculations when set to an incorrect figure either maliciously or by mistake by the deployer of VVVVCInvestmentLedger.

Given that immutable variables in Solidity can only be set once, this can be particularly devastating as it leads to either very high or very low fee calculations when calculating preFeeStableAmountEquivalent and consequently in postFeeStableAmountEquivalent which uses preFeeStableAmountEquivalent for its calculations.

Internal pre-conditions

Admin/deployer of VVVVCInvestmentLedger needs to set _exchangeRateDenominator to a very high or very low figure during contract deployment.

External pre-conditions

A user invokes the VVVVCInvestmentLedger::invest() with valid parameters while the exchangeRateDenominator is set to an unreasonable value.

Attack Path

  1. The deployer of VVVVCInvestmentLedger sets exchangeRateDenominator to an extremely high or low value during contract deployment.
  2. An investor calls VVVVCInvestmentLedger::invest() with valid params as defined in the struct InvestParams
  3. Calculation Distortion:
  • For a low exchangeRateDenominator, preFeeStableAmountEquivalent becomes disproportionately large:
uint256 preFeeStableAmountEquivalent = (_params.amountToInvest * _params.exchangeRateNumerator) / 1; // Example low denominator
  • For a low exchangeRateDenominator, the value is rendered negligible:
uint256 preFeeStableAmountEquivalent = (_params.amountToInvest * _params.exchangeRateNumerator) / 10**18; // Example high denominator

Impact

If exchangeRateDenominator is too low, the pre-fee equivalent will be inflated, leading to overestimated investment values. Conversely, if it is too high, the calculated equivalent becomes negligibly small, potentially misrepresenting the actual value of the investment and disrupting fee calculations.

Mitigation

Add a range check for _exchangeRateDenominator during contract deployment, e.g

require(_exchangeRateDenominator > MIN_DENOMINATOR && _exchangeRateDenominator < MAX_DENOMINATOR, "Invalid denominator");