Handling Decimal Discrepancies in Uniswap V3 Price Calculations

Overview of the Vulnerability

When working with decentralized exchanges like Uniswap V3, accurate price calculations are crucial, particularly when interacting with tokens that have varying decimal places. A common vulnerability arises when decimal discrepancies between token pairs are not properly accounted for during price and liquidity calculations. If token0 and token1 in a Uniswap V3 pool have different decimals, calculations that do not consider this difference can result in incorrect price outputs, potentially leading to over- or under-estimation of asset values, inflated liquidity values, and incorrect price feeds.

This tutorial will explore the concept of decimal discrepancies in Uniswap V3, focusing on the issue of over-inflated prices due to unhandled decimal differences between token pairs. We'll discuss how the discrepancy impacts price calculations, and outline best practices to mitigate this issue when interacting with Uniswap V3 pools.

How the Vulnerability Occurs

  1. Token Decimal Differences: In Uniswap V3, liquidity pools consist of two tokens (token0 and token1). These tokens can have different decimal places (e.g., token0 may have 18 decimals, while token1 may have 6 or 9 decimals). When calculating prices or liquidity positions, this difference in decimals must be factored into the calculations.

  2. Square Root Price Calculations: Uniswap V3 uses square root price calculations to represent the price ratio between the two tokens in a liquidity pool. If the calculation does not correctly account for the difference in decimals between token0 and token1, it can lead to an over-inflated price. This is particularly problematic when the decimal difference is large (e.g., token1 has 18 decimals, and token0 has 9 decimals).

  3. Hardcoded Denominator: In some cases, the price calculation may use a hardcoded denominator (e.g., 1E9) that fails to adjust for the decimal difference between the two tokens. This leads to incorrect price ratios, as the calculation does not normalize the values correctly, causing inflated or inaccurate results.

  4. Impact on Liquidity and Price Feeds: If the price calculation is incorrect, it impacts any operation that relies on the price, such as determining liquidity positions, calculating fees, or providing price feeds. This can result in liquidity positions being misrepresented or price feeds being inaccurate, potentially leading to financial losses for users and inefficiencies in the protocol.

Key Concepts and Vulnerability Pattern

  1. Decimals in Token Pairs: Different tokens have different decimal places, which affect how their prices and liquidity are represented in the Uniswap V3 pool. For example:

    • Token0: 18 decimals (e.g., ETH or DAI)

    • Token1: 6 decimals (e.g., USDC) If the price or liquidity calculations do not properly account for these differences, the resulting price can be distorted.

  2. Square Root Price X96: Uniswap V3 represents the price of token0 relative to token1 as the square root price (sqrtPriceX96). This value must be calculated carefully, taking into account the decimals of both tokens. Any discrepancies in how these decimals are handled can result in large errors in price or liquidity calculations.

  3. Normalization of Values: To correctly calculate prices and liquidity positions, the values must be normalized to account for the decimal difference between token0 and token1. If the normalization step is skipped or incorrectly implemented (e.g., by using a fixed denominator), the calculated price will be inaccurate.

Impact of the Vulnerability

  • Over-Inflated Prices: If the price calculation does not correctly handle decimal discrepancies, it can return an over-inflated price, especially when token1 has significantly more decimals than token0. This can lead to incorrect price feeds, which in turn can cause users to receive incorrect values for their trades or liquidity positions.

  • Incorrect Liquidity Calculations: Inaccurate price calculations can also distort liquidity positions. If the pool incorrectly calculates the amount of token0 and token1 in a liquidity position, it can lead to an overestimation of liquidity, which affects the calculation of fees and rewards for liquidity providers.

  • Protocol Instability: If price discrepancies are widespread, the protocol’s overall stability may be compromised, as multiple operations (e.g., liquidations, trades, and liquidity provisioning) rely on accurate price feeds.

Mitigation Strategies for Decimal Discrepancies

1. Adjust Calculations Based on Token Decimals

The most effective way to mitigate this vulnerability is to ensure that all price and liquidity calculations correctly adjust for the decimal differences between token0 and token1. This involves dynamically calculating the correct normalization factor based on the difference in decimals between the two tokens.

Conclusion

Decimal discrepancies in Uniswap V3 price calculations can lead to significant vulnerabilities if not handled correctly. When token pairs in a liquidity pool have different decimal places, failure to account for these differences can result in over-inflated prices, incorrect liquidity calculations, and potential financial losses for users.

To mitigate this issue, developers should ensure that all price and liquidity calculations adjust for decimal differences dynamically, avoid hardcoded denominators, and thoroughly test for edge cases involving token pairs with varying decimals. By following these best practices, protocols can ensure accurate price feeds and liquidity calculations, enhancing the stability and reliability of their Uniswap V3 integrations.

PreviousUnderflow Vulnerability in Uniswap V3 Position Fee Growth CalculationsNextTutorial 41: Multiple Token Addresses in Proxied Tokens

Last updated