[trail of bits audit] #1 Loss of precision may allow an attacker to get funds for free

2020-09-25 10:51:03 +08:00
parent b4b75bcb71
commit f0cffd840d
3 changed files with 8 additions and 1 deletions
--- a/contracts/impl/Pricing.sol
+++ b/contracts/impl/Pricing.sol
@@ -14,6 +14,7 @@ import {DODOMath} from "../lib/DODOMath.sol";
 import {Types} from "../lib/Types.sol";
 import {Storage} from "./Storage.sol";

+
 /**
 * @title Pricing
 * @author DODO Breeder
@@ -84,7 +85,7 @@ contract Pricing is Storage {
        uint256 Q2 = DODOMath._SolveQuadraticFunctionForTrade(
            targetQuoteAmount,
            quoteBalance,
-            DecimalMath.mul(i, amount),
+            DecimalMath.mulCeil(i, amount),
            true,
            _K_
        );
--- a/contracts/lib/DecimalMath.sol
+++ b/contracts/lib/DecimalMath.sol
@@ -10,6 +10,7 @@ pragma experimental ABIEncoderV2;

 import {SafeMath} from "./SafeMath.sol";

+
 /**
 * @title DecimalMath
 * @author DODO Breeder
@@ -25,6 +26,10 @@ library DecimalMath {
        return target.mul(d) / ONE;
    }

+    function mulCeil(uint256 target, uint256 d) internal pure returns (uint256) {
+        return target.mul(d).divCeil(ONE);
+    }
+
    function divFloor(uint256 target, uint256 d) internal pure returns (uint256) {
        return target.mul(ONE).div(d);
    }
--- a/contracts/lib/SafeMath.sol
+++ b/contracts/lib/SafeMath.sol
@@ -8,6 +8,7 @@
 pragma solidity 0.6.9;
 pragma experimental ABIEncoderV2;

+
 /**
 * @title SafeMath
 * @author DODO Breeder