durov - SolidlyV3AMO.sol::boostPrice() will round up the price in some cases

[sherlock-admin3]

durov

Medium

SolidlyV3AMO.sol::boostPrice() will round up the price in some cases

Summary

SolidlyV3AMO.sol::boostPrice() has wrongly implemented division logic, which in some cases could harshly round up the actual price.

Root Cause

In SolidlyV3AMO.sol:352 the division is implemented incorrectly, so when the price of boost is less than 1 the function will return 1
because of rounding.

function boostPrice() public view override returns (uint256 price) {
        (uint160 _sqrtPriceX96, , , ) = ISolidlyV3Pool(pool).slot0();
        uint256 sqrtPriceX96 = uint256(_sqrtPriceX96);
        if (boost < usd) {
            price = (10 ** (boostDecimals - usdDecimals + PRICE_DECIMALS) * sqrtPriceX96 ** 2) / Q96 ** 2;
        } else {
            if (sqrtPriceX96 >= Q96) {
@>              price = 10 ** (boostDecimals - usdDecimals + PRICE_DECIMALS) / (sqrtPriceX96 ** 2 / Q96 ** 2);
            } else {
                price = (10 ** (boostDecimals - usdDecimals + PRICE_DECIMALS) * Q96 ** 2) / sqrtPriceX96 ** 2;
            }
        }
    }

https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/SolidlyV3AMO.sol#L343-L355

Internal pre-conditions

1. sqrtPriceX96 > Q96
2. boost > usd

External pre-conditions

None

Attack Path

No response

Impact

boostPrice() will return 1 even if the price of boost is less than 1.

PoC

No response

Mitigation

Change the code line so it multiplies by Q96 ** 2 first and then divides by sqrtPriceX96 ** 2