From f0cffd840d63654d676a89ea7061d1c2f8e428ae Mon Sep 17 00:00:00 2001 From: mingda Date: Fri, 25 Sep 2020 10:51:03 +0800 Subject: [PATCH] [trail of bits audit] #1 Loss of precision may allow an attacker to get funds for free --- contracts/impl/Pricing.sol | 3 ++- contracts/lib/DecimalMath.sol | 5 +++++ contracts/lib/SafeMath.sol | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/contracts/impl/Pricing.sol b/contracts/impl/Pricing.sol index f9ce3ee..ce45235 100644 --- a/contracts/impl/Pricing.sol +++ b/contracts/impl/Pricing.sol @@ -14,6 +14,7 @@ import {DODOMath} from "../lib/DODOMath.sol"; import {Types} from "../lib/Types.sol"; import {Storage} from "./Storage.sol"; + /** * @title Pricing * @author DODO Breeder @@ -84,7 +85,7 @@ contract Pricing is Storage { uint256 Q2 = DODOMath._SolveQuadraticFunctionForTrade( targetQuoteAmount, quoteBalance, - DecimalMath.mul(i, amount), + DecimalMath.mulCeil(i, amount), true, _K_ ); diff --git a/contracts/lib/DecimalMath.sol b/contracts/lib/DecimalMath.sol index a121d24..99debb1 100644 --- a/contracts/lib/DecimalMath.sol +++ b/contracts/lib/DecimalMath.sol @@ -10,6 +10,7 @@ pragma experimental ABIEncoderV2; import {SafeMath} from "./SafeMath.sol"; + /** * @title DecimalMath * @author DODO Breeder @@ -25,6 +26,10 @@ library DecimalMath { return target.mul(d) / ONE; } + function mulCeil(uint256 target, uint256 d) internal pure returns (uint256) { + return target.mul(d).divCeil(ONE); + } + function divFloor(uint256 target, uint256 d) internal pure returns (uint256) { return target.mul(ONE).div(d); } diff --git a/contracts/lib/SafeMath.sol b/contracts/lib/SafeMath.sol index f543fb4..dc5bb8d 100644 --- a/contracts/lib/SafeMath.sol +++ b/contracts/lib/SafeMath.sol @@ -8,6 +8,7 @@ pragma solidity 0.6.9; pragma experimental ABIEncoderV2; + /** * @title SafeMath * @author DODO Breeder