Canto Dex Oracle contest - Bronicle's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 07/09/2022

Pot Size: $20,000 CANTO

Total HM: 7

Participants: 65

Period: 1 day

Judge: 0xean

Total Solo HM: 3

Id: 159

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 40/65

Findings: 1

Award: $39.22

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Canto

Findings Information

🌟 Selected for report: lukris02

Also found by: 0x040, 0x1f8b, 0x52, 0xA5DF, 0xNazgul, 0xSky, Bnke0x0, Bronicle, CertoraInc, Chom, CodingNameKiki, Deivitto, Diraco, Dravee, EthLedger, IgnacioB, JC, JansenC, Jeiwan, R2, RaymondFam, ReyAdmirado, Rolezn, SinceJuly, TomJ, Tomo, Yiko, a12jmx, ajtra, ak1, codexploder, cryptphi, csanuragjain, erictee, fatherOfBlocks, gogo, hake, hansfriese, hickuphh3, ignacio, ontofractal, oyc_109, p_crypt0, pashov, peritoflores, rajatbeladiya, rbserver, rokinot, rvierdiiev, tnevler

Awards

242.8216 CANTO - $39.22

Labels

bug

QA (Quality Assurance)

old-submission-method

External Links

Link to GitHub issue

Low issue

Multiplication after division

Summary: Performing a multiplication after a division should be avoided as precision is lost in the division step.
Details: In order to minimize rounding errors, when performing mathematical operations, it is encouraged to leave the division step at the end of the expression.
Github Permalinks: https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-periphery.sol#L549-L593
Mitigation:

The current implementation of the computation at lines 581 to 585 can be mathematically written as follows:

$\text{LpPricesCumulative} = \sum_i \frac{\left(\text{token0TVL}+\text{token1TVL}\right)\cdot 10^{18}}{\text{supply}_i}$

which is equivalent to

$\text{LpPricesCumulative} = \sum_i \frac{\left(\text{assetReserves}_i\cdot\frac{\text{prices}_i}{\text{decimals}}+\text{token1TVL}\right)\cdot 10^{18}}{\text{supply}_i}$

Note that we can extract $10^{18}$ from the summation because it is constant. Moreover, if multiplying both the denominator and the numerator by $\text{decimals}$, we can do the same. This results in:

$\text{LpPricesCumulative} = \frac{10^{18}}{\text{decimals}} \sum_i \frac{\text{assetReserves}_i\cdot\text{prices}_i+\text{token1TVL}\cdot\text{decimals}}{\text{supply}_i}$

Moreover, if one checks that the number of decimals (let's call it $z$, so that $\text{decimals} = 10^{z}$) is less or equal than $18$, the above expression can be simplified to:

$\text{LpPricesCumulative} = 10^{18 - z} \sum_i \frac{\text{assetReserves}_i\cdot\text{prices}_i+\text{token1TVL}\cdot\text{decimals}}{\text{supply}_i}$

With this expression, one can reduce the amount of divisions performed and will most likely have a better rounding precision.

Moreover, at line 592, more simplifications can be done. The expression

$\text{LpPrice}\cdot\frac{\text{getPriceNote(address(wcanto), false)}}{10^{18}}$

can be rewritten as

$\frac{\text{LpPricesCumulative}}{8}\cdot\frac{\text{getPriceNote(address(wcanto), false)}}{10^{18}}$

which in turn equals

$\frac{10^{18 - z}}{8} \sum_i \frac{\text{assetReserves}_i\cdot\text{prices}_i+\text{token1TVL}\cdot\text{decimals}}{\text{supply}_i}\cdot\frac{\text{getPriceNote(address(wcanto), false)}}{10^{18}}$

having thus

$\frac{1}{8\cdot 10^´z} \sum_i \frac{\text{assetReserves}_i\cdot\text{prices}_i+\text{token1TVL}\cdot\text{decimals}}{\text{supply}_i}\cdot\text{getPriceNote(address(wcanto), false)}$

which might be a better implementation of the computations.

Canto Dex Oracle contest - Bronicle's results

Execution layer for original work.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-43] QA Report - $39.22

Findings Information

Awards

Labels

External Links

Low issue

Multiplication after division