fix: CurveLib Math Precision (DEV-1154)

[deluca-mike]

Summary by CodeRabbit

• Refactor
  • Updated internal calculation precision handling to maintain higher-precision intermediate values across liquidity operations (swap, add liquidity, remove liquidity).
  • Adjusted comparison logic to use explicit scaling for rate calculations.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[notion-workspace]

Refactor CurveLib to not do div by potential zero values, and revert with proper error message

[octane-security-app]

Summary by Octane

New Contracts

No new contracts were added.

Updated Contracts

• CurveLib.sol: Enhanced precision handling in rate calculations to prevent overflow, improving accuracy in liquidity operations.

---

🔗 Commit Hash: 55b4354

[coderabbitai]

Walkthrough

Precision handling adjustments in a liquidity curve library. Calculation logic for swap, addLiquidity, and removeLiquidity functions updated to maintain higher-precision (36-decimal) intermediate values, with direct scaled comparisons replacing computed shortcuts and division-based adjustments.

Changes

Cohort / File(s)

Summary

Liquidity Curve Precision Adjustments src/libraries/CurveLib.sol

Updated swap, addLiquidity, and removeLiquidity to use explicit 1e18 scaling and multiplications instead of divisions for precision management. Replaced minimum amount-out shortcuts with direct scaled comparisons (e.g., minAmountOut × rates × 1e18 >= amountIn × rates × maxSlippage). Adjusted aggregation of deposited/withdrawn values and rate-limit calculations to operate consistently in higher precision space. Minor interface formatting alignment applied.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• supercontracts
• lucas-manuel

Poem

🐰 With whiskers twitched and nose held high,
I hopped through decimals, way up to the sky!
From eighteen to thirty-six, precision so neat,
The numbers now scaled in a liquidity beat. ✨💧

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: CurveLib Math Precision (DEV-1154)' is fully related to the changeset, which focuses on replacing division-based precision adjustments with multiplications and explicit 1e18 scaling in CurveLib to maintain higher-precision calculations. It follows the required format with a prefix followed by a colon.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/dev-1154-curve-math

Tip

🧪 Unit Test Generation v2 is now available!

We have significantly improved our unit test generation capabilities.

To enable: Add this to your .coderabbit.yaml configuration:

reviews:
  finishing_touches:
    unit_tests:
      enabled: true

Try it out by using the @coderabbitai generate unit tests command on your code files or under ✨ Finishing Touches on the walkthrough!

Have feedback? Share your thoughts on our Discord thread!

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@src/libraries/CurveLib.sol`:
- Around line 113-114: Typo in the inline comment near the CurveLib
calculations: change "nether" to "neither" in the sentence that reads
"`params.minAmountOut * rates[params.outputIndex]` and `params.amountIn *
rates[params.inputIndex]` are always to 1e36 precision, so nether side wil
overflow..."; update the wording to "neither side will overflow" and correct
"wil" to "will" so the comment referring to params.minAmountOut,
params.amountIn, rates, inputIndex, and outputIndex is grammatically correct.
- Around line 245-246: Fix the typo in the comment inside CurveLib.sol: change
"nether" to "neither" in the sentence referencing `valueMinWithdrawn` and
`params.lpBurnAmount * curvePool.get_virtual_price()` so the comment reads
"neither side will overflow for amounts less than ~$100,000,000,000 trillion."
Keep the rest of the comment unchanged and ensure punctuation/spacing remains
consistent.
- Around line 177-178: Fix the typos in the NOTE comment inside CurveLib.sol
that mentions "params.minLpAmount * curvePool.get_virtual_price()" and
"valueDeposited": change "nether" to "neither" and any instance of "wil" to
"will" so the sentence reads correctly (e.g., "so neither side will
overflow..."). Update the comment text only; do not modify logic or variable
names.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Typo in comment: "nether" should be "neither".

📝 Proposed fix

-        // NOTE: `params.minAmountOut * rates[params.outputIndex]` and `params.amountIn * rates[params.inputIndex]` are
-        //       always to 1e36 precision, so nether side wil overflow for amounts less than ~$100,000,000,000 trillion.
+        // NOTE: `params.minAmountOut * rates[params.outputIndex]` and `params.amountIn * rates[params.inputIndex]` are
+        //       always to 1e36 precision, so neither side will overflow for amounts less than ~$100,000,000,000 trillion.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// NOTE: `params.minAmountOut * rates[params.outputIndex]` and `params.amountIn * rates[params.inputIndex]` are
	// always to 1e36 precision, so nether side wil overflow for amounts less than ~$100,000,000,000 trillion.
	// NOTE: `params.minAmountOut * rates[params.outputIndex]` and `params.amountIn * rates[params.inputIndex]` are
	// always to 1e36 precision, so neither side will overflow for amounts less than ~$100,000,000,000 trillion.

🤖 Prompt for AI Agents

In `@src/libraries/CurveLib.sol` around lines 113 - 114, Typo in the inline
comment near the CurveLib calculations: change "nether" to "neither" in the
sentence that reads "`params.minAmountOut * rates[params.outputIndex]` and
`params.amountIn * rates[params.inputIndex]` are always to 1e36 precision, so
nether side wil overflow..."; update the wording to "neither side will overflow"
and correct "wil" to "will" so the comment referring to params.minAmountOut,
params.amountIn, rates, inputIndex, and outputIndex is grammatically correct.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Typos in comment: "nether" → "neither" and "wil" → "will".

📝 Proposed fix

-        // NOTE: `params.minLpAmount * curvePool.get_virtual_price()` and `valueDeposited` are always to 1e36 precision,
-        //       so nether side will overflow for amounts less than ~$100,000,000,000 trillion.
+        // NOTE: `params.minLpAmount * curvePool.get_virtual_price()` and `valueDeposited` are always to 1e36 precision,
+        //       so neither side will overflow for amounts less than ~$100,000,000,000 trillion.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// NOTE: `params.minLpAmount * curvePool.get_virtual_price()` and `valueDeposited` are always to 1e36 precision,
	// so nether side will overflow for amounts less than ~$100,000,000,000 trillion.
	// NOTE: `params.minLpAmount * curvePool.get_virtual_price()` and `valueDeposited` are always to 1e36 precision,
	// so neither side will overflow for amounts less than ~$100,000,000,000 trillion.

🤖 Prompt for AI Agents

In `@src/libraries/CurveLib.sol` around lines 177 - 178, Fix the typos in the NOTE
comment inside CurveLib.sol that mentions "params.minLpAmount *
curvePool.get_virtual_price()" and "valueDeposited": change "nether" to
"neither" and any instance of "wil" to "will" so the sentence reads correctly
(e.g., "so neither side will overflow..."). Update the comment text only; do not
modify logic or variable names.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Typo in comment: "nether" should be "neither".

📝 Proposed fix

-        // NOTE: `valueMinWithdrawn` and `params.lpBurnAmount * curvePool.get_virtual_price()` are always to 1e36
-        //       precision, so nether side will overflow for amounts less than ~$100,000,000,000 trillion.
+        // NOTE: `valueMinWithdrawn` and `params.lpBurnAmount * curvePool.get_virtual_price()` are always to 1e36
+        //       precision, so neither side will overflow for amounts less than ~$100,000,000,000 trillion.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// NOTE: `valueMinWithdrawn` and `params.lpBurnAmount * curvePool.get_virtual_price()` are always to 1e36
	// precision, so nether side will overflow for amounts less than ~$100,000,000,000 trillion.
	// NOTE: `valueMinWithdrawn` and `params.lpBurnAmount * curvePool.get_virtual_price()` are always to 1e36
	// precision, so neither side will overflow for amounts less than ~$100,000,000,000 trillion.

🤖 Prompt for AI Agents

In `@src/libraries/CurveLib.sol` around lines 245 - 246, Fix the typo in the
comment inside CurveLib.sol: change "nether" to "neither" in the sentence
referencing `valueMinWithdrawn` and `params.lpBurnAmount *
curvePool.get_virtual_price()` so the comment reads "neither side will overflow
for amounts less than ~$100,000,000,000 trillion." Keep the rest of the comment
unchanged and ensure punctuation/spacing remains consistent.

[octane-security-app]

Overview

Warnings found:	1

---

🔗 Commit Hash: 55b4354
🛡️ Octane Dashboard: All vulnerabilities