veCVX/contracts/veCVXStrategy.sol
2. Inaccurate CVX Lock Amount Derived from Ratio Difference
Description
The function calculates the CVX amount to lock using cvxToLock = newLockRatio.sub(currentLockRatio), where both variables are derived from a flawed comparison of ratios. Even if these ratios were correctly unit-aligned (which they are not), subtracting ratios and assuming the result maps directly to a CVX token amount introduces significant inaccuracies. The actual CVX amount needed to achieve the target lock percentage should be calculated directly based on totalCVXBalance and balanceInLock, not the difference in their relative ratios.
Severity | Finding ID BH-2021-09-bvecvx-02 |
| Target veCVX/contracts/veCVXStrategy.sol | Function name manualRebalance |
Description
The function calculates the CVX amount to lock using cvxToLock = newLockRatio.sub(currentLockRatio), where both variables are derived from a flawed comparison of ratios. Even if these ratios were correctly unit-aligned (which they are not), subtracting ratios and assuming the result maps directly to a CVX token amount introduces significant inaccuracies. The actual CVX amount needed to achieve the target lock percentage should be calculated directly based on totalCVXBalance and balanceInLock, not the difference in their relative ratios.
veCVX/contracts/veCVXStrategy.sol
2. Inaccurate CVX Lock Amount Derived from Ratio Difference
Description
The function calculates the CVX amount to lock using cvxToLock = newLockRatio.sub(currentLockRatio), where both variables are derived from a flawed comparison of ratios. Even if these ratios were correctly unit-aligned (which they are not), subtracting ratios and assuming the result maps directly to a CVX token amount introduces significant inaccuracies. The actual CVX amount needed to achieve the target lock percentage should be calculated directly based on totalCVXBalance and balanceInLock, not the difference in their relative ratios.
| Severity |
| Finding ID BH-2021-09-bvecvx-02 |
| Target veCVX/contracts/veCVXStrategy.sol |
| Function name manualRebalance |
Description
The function calculates the CVX amount to lock using cvxToLock = newLockRatio.sub(currentLockRatio), where both variables are derived from a flawed comparison of ratios. Even if these ratios were correctly unit-aligned (which they are not), subtracting ratios and assuming the result maps directly to a CVX token amount introduces significant inaccuracies. The actual CVX amount needed to achieve the target lock percentage should be calculated directly based on totalCVXBalance and balanceInLock, not the difference in their relative ratios.
