Platform: Code4rena
Start Date: 01/08/2023
Pot Size: $91,500 USDC
Total HM: 14
Participants: 80
Period: 6 days
Judge: gzeon
Total Solo HM: 6
Id: 269
League: ETH
Rank: 28/80
Findings: 1
Award: $482.48
🌟 Selected for report: 0
🚀 Solo Findings: 0
482.4792 USDC - $482.48
In TokenisableRange -> returnExpectedBalanceWithoutFees function, sqrtPriceX96 is calculated using prices of two tokens, but the calculation overflows which will result in the transaction revert.
(amt0, amt1) = LiquidityAmounts.getAmountsForLiquidity( uint160( sqrt( (2 ** 192 * ((TOKEN0_PRICE * 10 ** TOKEN1.decimals) / TOKEN1_PRICE)) / ( 10 ** TOKEN0.decimals ) ) ), TickMath.getSqrtRatioAtTick(lowerTick), TickMath.getSqrtRatioAtTick(upperTick), liquidity);
(2 ** 192 * ((TOKEN0_PRICE * 10 ** TOKEN1.decimals) / TOKEN1_PRICE)) is calculated at once, assuming token1's decimal is 18, 2^192 * 10^18 ~ 2^252, it means when token0 price is more than 16x of token1 price, it will overflow causing revert.
Manual Review
Do not put whole 2^192 in the calculation but just put 10^18 or whatever smaller number and then deal with remaining number outside of sqrt.
Math
#0 - c4-pre-sort
2023-08-09T16:29:09Z
141345 marked the issue as duplicate of #162
#1 - c4-pre-sort
2023-08-10T13:49:00Z
141345 marked the issue as not a duplicate
#2 - c4-pre-sort
2023-08-10T13:49:08Z
141345 marked the issue as duplicate of #58
#3 - c4-judge
2023-08-20T17:30:22Z
gzeon-c4 marked the issue as satisfactory