AMP-02: Potential Loss of Precision
Closed this issue · 1 comments
Description:
The Ampleforth protocol follows a strict rebase policy whereby consequent rebases will never incur loss of precision in the underlying values used to transact with the currency as denoted by their uFragments.sol supply adjustment analysis. Multiple epoch rebases that can accumulate, however, do not guarantee the same constraints in the rebase operation of the cross-chain Ampleforth in comparison to the main-chain Ampleforth.
Recommendation:
We advise that a subsequent thorough analysis is performed on the impacts of accumulated rebases to the cross-chain transfers of AMPL to xcAMPL, as this can have a significant impact to the currency as a whole. Solutions to the introduction of accumulated rebases would be ensuring at the code level that cross-chain transactions fail if multiple epochs have passed on both chains and that rebase operations on satellite chains occur on each consequent epoch and fail if an attempt is made to 'skip' intermediate epoch adjustments.
If for some reason a particular rebase epoch on the main chain is NOT propagated to the satellite chain, for a brief period of time till the next rebase reaches the satellite chain the global AMPL supply will be out of sync. For AMPL holders in the satellite chain their balance will get back in sync when the next rebase reaches. Since cross chain AMPLs are denominated by both the amount and the total supply, malicious on either side cannot leverage this to extract value from the system. Even when cross-chain transfers are executed when the epochs are not in sync, the accounting will be pristine.
Consider the example:
Base change (epoch 101 - 100m), Satellite change (epoch 100 - 50m):
- User transfers 100 AMPL from satellite to base. 100 AMPL burned in satellite and 200 AMPL unlocked to user in base
- User transfers 100 AMPL from base to satellite. 100 AMPL locked in base and 50 AMPL minted to user in satellite