Skip to content

docs(FLOW-16): Document precision loss in cross-VM amount conversions #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
liobrasil wants to merge 2 commits into
base: main
Choose a base branch
from
+15 −1
Open

docs(FLOW-16): Document precision loss in cross-VM amount conversions #37

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
36216ee
docs(FLOW-16): document precision loss in cross-VM amount conversions
liobrasil Jan 19, 2026
c011746
Merge branch 'main' into fix/FLOW-16-precision-loss-documentation
liobrasil Mar 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion cadence/contracts/FlowYieldVaultsEVM.cdc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,13 @@ import "FlowEVMBridgeConfig"
/// 2. Processing: For each PROCESSING request, executes Cadence-side operation
/// (create/deposit/withdraw/close YieldVault), then calls completeProcessing() to mark
/// as COMPLETED or FAILED (with refund to EVM contract on CREATE/DEPOSIT failure)
/// PRECISION NOTE:
/// EVM uses uint256 with 18 decimals (wei), while Cadence uses UFix64 with 8 decimals.
/// Converting between these formats truncates precision beyond 8 decimal places.
/// For example: 1.123456789012345678 FLOW (EVM) becomes 1.12345678 FLOW (Cadence).
/// This is not exploitable (users receive slightly less, not more) and the 1 FLOW
Copy link

@claude claude bot Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Incomplete analysis — precision truncation IS a liveness bug in the refund path

The note correctly describes forward-direction truncation (deposit → Cadence), but misses the critical reverse case: when a native FLOW CREATE/DEPOSIT request fails, completeProcessing (lines 1056–1060) converts refundAmount (UInt256, 18 dec) → UFix64 (8 dec, truncated) → EVM.Balance via setFLOW. The resulting msg.value is smaller than the original request.amount.

Solidity then reverts with MsgValueMustEqualAmount (msg.value != request.amount, exact match). This causes completeProcessing to return falseprocessRequest panics → the WorkerHandler transaction reverts. Because the PROCESSING status was committed in a prior startProcessingBatch transaction, it is not reverted. When the SchedulerHandler detects the panic and calls markRequestAsFailed, it hits the same truncation, the same Solidity revert, and the same false return — after which it removes the request from scheduledRequests with no retry (line 674 of WorkerOps, comment: "errors are not considered transient"). The request is permanently stuck in PROCESSING with user funds in the COA.

The statement "users receive slightly less, not more" is true for withdrawals/close, but for the refund-on-failure path the protocol currently cannot return even the truncated amount because Solidity demands the exact original amount.

Affected amounts: any wei value where amount % 10^10 != 0 (e.g. any amount with non-zero attoflow below 10 gwei). Amounts that are exact multiples of 10^10 wei (1 FLOW, 1.5 FLOW, etc.) are unaffected.

/// minimum deposit makes any dust loss negligible (~0.0000001% maximum).

access(all) contract FlowYieldVaultsEVM {

// ============================================
Expand Down Expand Up @@ -1929,9 +1936,11 @@ access(all) contract FlowYieldVaultsEVM {
/// @notice Converts a UInt256 amount from EVM to UFix64 for Cadence
/// @dev For native FLOW: Uses 18 decimals (attoflow to FLOW conversion)
/// For ERC20: Uses FlowEVMBridgeUtils to look up token decimals
/// PRECISION WARNING: UFix64 has only 8 decimal places vs uint256's 18.
/// Precision beyond 8 decimals is truncated (e.g., 1.123456789... → 1.12345678).
/// @param value The amount in wei/smallest unit (UInt256)
/// @param tokenAddress The token address to determine decimal conversion
/// @return The converted amount in UFix64 format
/// @return The converted amount in UFix64 format (truncated to 8 decimals)
access(self) fun ufix64FromUInt256(_ value: UInt256, tokenAddress: EVM.EVMAddress): UFix64 {
if tokenAddress.toString() == FlowYieldVaultsEVM.nativeFlowEVMAddress.toString() {
return FlowEVMBridgeUtils.uint256ToUFix64(value: value, decimals: 18)
Expand Down
5 changes: 5 additions & 0 deletions solidity/src/FlowYieldVaultsRequests.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,11 @@ import {
* Processing uses atomic two-phase commit:
* - startProcessingBatch(): Marks requests as PROCESSING, deducts user balances
* - completeProcessing(): Marks as COMPLETED/FAILED, credits claimable refunds on failure
*
* PRECISION NOTE: EVM uses uint256 with 18 decimals, while Cadence uses UFix64 with 8 decimals.
* Amounts are truncated beyond 8 decimal places during cross-VM conversion.
* Example: 1.123456789012345678 FLOW → 1.12345678 FLOW (loss of ~9e-9 FLOW).
* This is not exploitable (truncation favors the protocol) and the minimum deposit mitigates dust.
Copy link

@claude claude bot Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "not exploitable" claim is incomplete — see the refund path

The forward direction (deposit → Cadence) is indeed safe: users put in more than they get, so the protocol is not at risk. But completeProcessing in Solidity (line 1001) requires an exact match: if (msg.value != request.amount) revert MsgValueMustEqualAmount().

When a native FLOW request fails, the Cadence worker reconstructs the refund amount via UFix64, losing the same sub-8-decimal precision. The resulting msg.value is less than request.amount, so Solidity reverts. The Cadence transaction panics, the request stays permanently in PROCESSING on EVM, and there is no admin escape hatch (dropRequests only operates on PENDING). User funds in the COA have no path back.

Fix: Change line 1001 to if (msg.value < request.amount) and return the excess to the COA, or have the Cadence worker bypass the UFix64 conversion when building the refund balance and use the raw attoflow value directly.

*/
contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
using SafeERC20 for IERC20;
Expand Down
Loading