Active Boosts

#37668 [SC-Low] Incorrect Scale Factor value leads to early scale change

Submitted on Dec 12th 2024 at 07:51:49 UTC by @SeveritySquad for IOP | Fluid Protocol

  • Report ID: #37668

  • Report Type: Smart Contract

  • Report severity: Low

  • Target: https://github.com/Hydrogen-Labs/fluid-protocol/tree/main/contracts/stability-pool-contract/src/main.sw

  • Impacts:

    • Contract fails to deliver promised returns, but doesn't lose value

Description

Brief/Intro

Incorrect SCALE_FACTOR value leads to early scale change on the Stability Pool contract. This has an undesired effect of on increasing the scale on the first liquidation in the Stability Pool

Vulnerability Details

The SCALE_FACTOR value is set to 1e9 value which is the same as the DECIMAL_PRECISION of the Fluid protocol. Originally the Scale Factor of the Liquity protocol is set to 1e9, but Decimal Precision there is 1e18.

The Fluid protocol configuration leads to a situation where the P value is raised to 1e18 immediately on the first liquidation event unnecessarily. The following condition is always true after first liquidation:

   } else if (current_p * new_product_factor / U128::from(DECIMAL_PRECISION) < U128::from(SCALE_FACTOR))
    {
        new_p = current_p * new_product_factor * U128::from(SCALE_FACTOR) / U128::from(DECIMAL_PRECISION);
        storage
            .current_scale
            .write(storage.current_scale.read() + 1);
    } else {
        new_p = current_p * new_product_factor / U128::from(DECIMAL_PRECISION);
    }

The Scale Factor should be set to a value which is not greater than 50% of the Decimal Precision scale.

Impact Details

This situation might have incorrectly put certain depositors immediately on the second scale which may case them to lose their deposits if the scale moves earlier by more than 1 prematurely. Yet if depositors correctly recognize this situation they can avoid the loss. Hence protocol doesn't lose value, yet it may not bring the expected results.

References

No reference needed.

Proof of Concept

Proof of Concept

Previous#37650 [SC-Low] redeem functionality partially failingNext#37671 [SC-Critical] CRITICAL-02 / The contract could be permanently locked due to not reseting the

Last updated

Was this helpful?