Numoen contest - Breeje's results

Automated exchange for power perpetuals.

General Information

Platform: Code4rena

Start Date: 26/01/2023

Pot Size: $60,500 USDC

Total HM: 7

Participants: 31

Period: 6 days

Judge: berndartmueller

Total Solo HM: 3

Id: 207

League: ETH

Numoen

Findings Distribution

Researcher Performance

Rank: 6/31

Findings: 1

Award: $1,829.30

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: ladboy233

Also found by: Breeje

Labels

bug
2 (Med Risk)
satisfactory
sponsor confirmed
duplicate-45

Awards

1829.3034 USDC - $1,829.30

External Links

Lines of code

https://github.com/code-423n4/2023-01-numoen/blob/main/src/core/Lendgine.sol#L252
https://github.com/code-423n4/2023-01-numoen/blob/main/src/core/Pair.sol#L56-L57

Vulnerability details

Impact

There is a division-before-multiplication bug in the _accrueInterest() method of Lendgine.sol, which may result in a loss of accrued interest due to huge precision loss. The same error is present in the invariant method of Pair.sol, where it can cause larger precision loss.

Proof of Concept

File: Lendgine.sol

252:      uint256 dilutionLPRequested = (FullMath.mulDiv(borrowRate, _totalLiquidityBorrowed, 1e18) * timeElapsed) / 365 days;

File: Pair.sol

56:      uint256 scale0 = FullMath.mulDiv(amount0, 1e18, liquidity) * token0Scale;
57:      uint256 scale1 = FullMath.mulDiv(amount1, 1e18, liquidity) * token1Scale;

In both of the cases above, division takes place before multiplication. In Lendgine, timeElapsed is multiplied by the result of a division, while in Pair, token0Scale and token1Scale are multiplied by the result of a division. This causes incorrect calculations, which can lead to the protocol functioning incorrectly.

Tools Used

Manual Review

Consider multiplying all the numerators first before dividing.

Mitigated code:

File: Lendgine.sol

252:      uint256 dilutionLPRequested = FullMath.mulDiv(borrowRate * timeElapsed, _totalLiquidityBorrowed, 1e18) / 365 days;

File: Pair.sol

56:      uint256 scale0 = FullMath.mulDiv(amount0 * token0Scale, 1e18, liquidity);
57:      uint256 scale1 = FullMath.mulDiv(amount1 * token1Scale, 1e18, liquidity);
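
The effect of the two orderings can be measured with exact integer arithmetic. The following is an added example, not code from the finding or from the Numoen repository: it models FullMath.mulDiv as floor(a * b / d), and the input values and the 10**12 token scale are constructed assumptions.

```python
# Added example: models Solidity uint256 floor division with Python ints.
# Python ints never overflow, so Solidity overflow reverts are not modeled.
YEAR = 365 * 24 * 60 * 60  # `365 days` expressed in seconds
WAD = 10**18

def mul_div(a, b, d):
    """FullMath.mulDiv result: floor(a * b / d) with a full-width product."""
    return a * b // d

def dilution_quoted(borrow_rate, total_borrowed, elapsed):
    # Lendgine.sol line 252 as quoted: divide by 1e18, then multiply by timeElapsed
    return mul_div(borrow_rate, total_borrowed, WAD) * elapsed // YEAR

def dilution_mitigated(borrow_rate, total_borrowed, elapsed):
    # Mitigated line 252: timeElapsed joins the numerator before any division
    return mul_div(borrow_rate * elapsed, total_borrowed, WAD) // YEAR

def scale_quoted(amount, liquidity, token_scale):
    # Pair.sol lines 56-57 as quoted: the truncated quotient is scaled up afterwards
    return mul_div(amount, WAD, liquidity) * token_scale

def scale_mitigated(amount, liquidity, token_scale):
    # Mitigated lines 56-57: scale first, divide once
    return mul_div(amount * token_scale, WAD, liquidity)

def truncation_loss(quoted, mitigated, *args):
    """Units lost by the quoted ordering relative to the mitigated ordering."""
    return mitigated(*args) - quoted(*args)

# Constructed inputs (assumptions, not values from the contest repository):
# 5% borrow rate in 1e18 fixed point, about 1e18 borrowed liquidity, 12 s elapsed.
LENDGINE_CASE = (5 * 10**16, 10**18 + 19, 12)
# 1.000000 of a 6-decimal token, token scale assumed to be 10**12, 3e18 liquidity.
PAIR_CASE = (10**6, 3 * 10**18, 10**12)

if __name__ == "__main__":
    print("Lendgine loss:",
          truncation_loss(dilution_quoted, dilution_mitigated, *LENDGINE_CASE))
    print("Pair loss:    ",
          truncation_loss(scale_quoted, scale_mitigated, *PAIR_CASE))
```

In the Pair expression the remainder discarded by the division is multiplied by the token scale afterwards, while in the Lendgine expression it is multiplied by timeElapsed / 365 days.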

#0 - c4-judge

2023-02-07T17:06:13Z

berndartmueller marked the issue as duplicate of #45

#1 - c4-sponsor

2023-02-08T17:45:48Z

kyscott18 marked the issue as sponsor confirmed

#2 - c4-judge

2023-02-16T09:40:19Z

berndartmueller marked the issue as satisfactory
