docs(FLOW-16): Document precision loss in cross-VM amount conversions#37
docs(FLOW-16): Document precision loss in cross-VM amount conversions#37
Conversation
EVM uses uint256 with 18 decimals while Cadence uses UFix64 with 8 decimals. Converting between formats truncates precision beyond 8 decimal places. This is not exploitable (truncation favors protocol) and minimum deposit mitigates dust loss. Added precision warnings to: - Cadence contract header - Cadence ufix64FromUInt256() function docstring - Solidity contract header Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
| PR 37 review - see inline comments for details. Two concrete issues found. (1) Critical liveness bug: the new PRECISION NOTE comments document truncation as not-exploitable, but the refund path has exact-match enforcement. When a native FLOW CREATE/DEPOSIT fails, Cadence converts refundAmount through UFix64 (truncating sub-8-decimal precision), then sends the truncated value as msg.value. Solidity line 1001 checks msg.value != request.amount and reverts. This causes completeProcessing to return false, processRequest to panic, and the SchedulerHandler crash-recovery path also fails identically (same truncation, same revert). The SchedulerHandler then removes the request from scheduledRequests with no retry - permanently stuck PROCESSING with no admin escape (dropRequests only affects PENDING). Affected: any deposit where amount mod 10^10 is non-zero in wei. Fix: change line 1001 to msg.value < request.amount (accept excess) or bypass UFix64 in Cadence when constructing the refund EVM.Balance. (2) Medium: no forceFailRequest admin function means any PROCESSING request that markRequestAsFailed cannot resolve is permanently unrecoverable. All other logic reviewed (ownership tracking, two-phase commit, sentinel values, arrays, request type sync, access control) is correct. |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
| /// EVM uses uint256 with 18 decimals (wei), while Cadence uses UFix64 with 8 decimals. | ||
| /// Converting between these formats truncates precision beyond 8 decimal places. | ||
| /// For example: 1.123456789012345678 FLOW (EVM) becomes 1.12345678 FLOW (Cadence). | ||
| /// This is not exploitable (users receive slightly less, not more) and the 1 FLOW |
There was a problem hiding this comment.
Incomplete analysis — precision truncation IS a liveness bug in the refund path
The note correctly describes forward-direction truncation (deposit → Cadence), but misses the critical reverse case: when a native FLOW CREATE/DEPOSIT request fails, completeProcessing (lines 1056–1060) converts refundAmount (UInt256, 18 dec) → UFix64 (8 dec, truncated) → EVM.Balance via setFLOW. The resulting msg.value is smaller than the original request.amount.
Solidity then reverts with MsgValueMustEqualAmount (msg.value != request.amount, exact match). This causes completeProcessing to return false → processRequest panics → the WorkerHandler transaction reverts. Because the PROCESSING status was committed in a prior startProcessingBatch transaction, it is not reverted. When the SchedulerHandler detects the panic and calls markRequestAsFailed, it hits the same truncation, the same Solidity revert, and the same false return — after which it removes the request from scheduledRequests with no retry (line 674 of WorkerOps, comment: "errors are not considered transient"). The request is permanently stuck in PROCESSING with user funds in the COA.
The statement "users receive slightly less, not more" is true for withdrawals/close, but for the refund-on-failure path the protocol currently cannot return even the truncated amount because Solidity demands the exact original amount.
Affected amounts: any wei value where amount % 10^10 != 0 (e.g. any amount with non-zero attoflow below 10 gwei). Amounts that are exact multiples of 10^10 wei (1 FLOW, 1.5 FLOW, etc.) are unaffected.
| * PRECISION NOTE: EVM uses uint256 with 18 decimals, while Cadence uses UFix64 with 8 decimals. | ||
| * Amounts are truncated beyond 8 decimal places during cross-VM conversion. | ||
| * Example: 1.123456789012345678 FLOW → 1.12345678 FLOW (loss of ~9e-9 FLOW). | ||
| * This is not exploitable (truncation favors the protocol) and the minimum deposit mitigates dust. |
There was a problem hiding this comment.
The "not exploitable" claim is incomplete — see the refund path
The forward direction (deposit → Cadence) is indeed safe: users put in more than they get, so the protocol is not at risk. But completeProcessing in Solidity (line 1001) requires an exact match: if (msg.value != request.amount) revert MsgValueMustEqualAmount().
When a native FLOW request fails, the Cadence worker reconstructs the refund amount via UFix64, losing the same sub-8-decimal precision. The resulting msg.value is less than request.amount, so Solidity reverts. The Cadence transaction panics, the request stays permanently in PROCESSING on EVM, and there is no admin escape hatch (dropRequests only operates on PENDING). User funds in the COA have no path back.
Fix: Change line 1001 to if (msg.value < request.amount) and return the excess to the COA, or have the Cadence worker bypass the UFix64 conversion when building the refund balance and use the raw attoflow value directly.
2 participants
Summary
Fixes #31
Documents the precision loss that occurs when converting between EVM's
uint256(18 decimals) and Cadence'sUFix64(8 decimals).Key points:
1.123456789012345678FLOW →1.12345678FLOWChanges:
ufix64FromUInt256()docstringTest plan
🤖 Generated with Claude Code