Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Adrastia PID Controller>Medium findings>Underflow could occur in calculation
GeneralOverview
Findings
Medium (2)Centralization riskUnderflow
DiscussionSet proper PID configs
Audit ResultsSummary
Category: Coding Mistakes

Underflow could occur in calculation

Medium Severity
Low Impact
Low Likelihood

Description

The function fetchLiquidity is used to calculate value and error in the accumulator. The function could underflow if value - target is greater than ERROR_ZERO.

function fetchLiquidity(bytes memory data) internal view virtual override returns (uint112 value, uint112 err) {
    value = fetchValue(data);
    uint256 target = fetchTarget(data);

    if (target >= value) {
        err = (ERROR_ZERO + (target - value)).toUint112();
    } else {
        err = (ERROR_ZERO - (value - target)).toUint112();
    }
}

Impact

If value - target is greater than ERROR_ZERO, fetchLiquidity is reverted due to underflow protection implemented in solidity 8.0.0. This could cause the contract to not work as expected.

Recommendations

Consider adding a check to ensure that value - target is less than ERROR_ZERO.

Remediation

According to Adrastia, halting updates in this scenario is considered acceptable behavior. In the context of TrueFi's ALOCs, a reversion is appropriate since it would indicate a bug in the ALOC's utilization function.

Zellic © 2024Back to top ↑