Skip to content

docs(FLOW-16): Document precision loss in cross-VM amount conversions #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
liobrasil wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs(FLOW-16): Document precision loss in cross-VM amount conversions #37

liobrasil wants to merge 1 commit into from
+15 −1

Conversation

@liobrasil
Copy link
Collaborator

@liobrasil liobrasil commented Jan 19, 2026

Summary

Fixes #31

Documents the precision loss that occurs when converting between EVM's uint256 (18 decimals) and Cadence's UFix64 (8 decimals).

Key points:

  • Precision beyond 8 decimal places is truncated
  • Example: 1.123456789012345678 FLOW → 1.12345678 FLOW
  • Not exploitable (truncation favors protocol, users receive slightly less)
  • Minimum deposit requirement mitigates dust loss (~0.0000001% max)

Changes:

  • Added precision note to Cadence contract header
  • Added precision warning to ufix64FromUInt256() docstring
  • Added precision note to Solidity contract header

Test plan

  • All 70 Solidity tests pass
  • All 4 Cadence test suites pass

🤖 Generated with Claude Code

@liobrasil @claude
docs(FLOW-16): document precision loss in cross-VM amount conversions
36216ee 
EVM uses uint256 with 18 decimals while Cadence uses UFix64 with 8 decimals.
Converting between formats truncates precision beyond 8 decimal places.
This is not exploitable (truncation favors protocol) and minimum deposit
mitigates dust loss.

Added precision warnings to:
- Cadence contract header
- Cadence ufix64FromUInt256() function docstring
- Solidity contract header

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@claude
Copy link

claude bot commented Jan 28, 2026

Code Review Summary

This PR effectively documents an important precision loss limitation in cross-VM amount conversions. The documentation is clear, accurate, and addresses issue #31.

✅ Strengths

1. Clear Documentation

The precision loss is documented in three strategic locations:

  • Cadence contract header (FlowYieldVaultsEVM.cdc:28-33): High-level overview
  • Conversion function (ufix64FromUInt256:1879-1880): Implementation-level warning
  • Solidity contract header (FlowYieldVaultsRequests.sol:34-37): EVM-side awareness

2. Accurate Technical Details

  • Correctly identifies 18 decimal (uint256) → 8 decimal (UFix64) truncation
  • Provides concrete example: 1.123456789012345678 FLOW → 1.12345678 FLOW
  • Accurately states this is not exploitable (favors protocol, not users)

3. Security Analysis

The documentation correctly notes:

  • Truncation causes users to receive slightly less, not more (no exploit vector)
  • 1 FLOW minimum deposit makes dust loss negligible (~0.0000001% max)
  • Aligns with defensive security best practices

📝 Minor Suggestions

1. Math Precision in Example

In FlowYieldVaultsRequests.sol:36:

Example: 1.123456789012345678 FLOW → 1.12345678 FLOW (loss of ~9e-9 FLOW).

The stated loss ~9e-9 FLOW is slightly misleading. The actual loss is:

  • Lost portion: 0.000000009012345678 FLOW9.01e-9 FLOW
  • As percentage: ~0.0000008% of the amount

Suggestion: Consider being more precise:

Example: 1.123456789012345678 FLOW → 1.12345678 FLOW (loss of 9.01...e-9 FLOW, ~0.0000008%).

2. Consistency Between Comments

The Cadence contract (line 33) states:

the 1 FLOW minimum deposit makes any dust loss negligible (~0.0000001% maximum).

This percentage seems to be calculated as (1e-8 FLOW / 1 FLOW minimum) * 100% = 0.000001%, not 0.0000001%.

Suggestion: Verify and align the percentage calculations:

  • For 1 FLOW deposit: 1e-8 / 1 = 0.000001% (1e-6%)
  • Or clarify if this refers to a different scenario

3. Return Value Documentation Enhancement

In FlowYieldVaultsEVM.cdc:1883, the return documentation states:

@return The converted amount in UFix64 format (truncated to 8 decimals)

Suggestion: Consider adding that precision beyond 8 decimals is permanently lost:

@return The converted amount in UFix64 format (precision beyond 8 decimals is permanently truncated)

This emphasizes the irreversibility of the conversion.

🔍 Code Quality Assessment

Category Rating Notes
Documentation ⭐⭐⭐⭐⭐ Excellent placement and clarity
Security ⭐⭐⭐⭐⭐ Correctly identifies non-exploitability
Accuracy ⭐⭐⭐⭐☆ Minor math clarifications suggested
Test Coverage ⭐⭐⭐⭐⭐ PR indicates all tests pass
Best Practices ⭐⭐⭐⭐⭐ Follows documentation standards

✅ Recommendation

APPROVE with minor suggestions for mathematical precision in the examples. The changes are:

  • Safe: Documentation-only, no logic changes
  • Important: Addresses a real limitation users should understand
  • Well-placed: Strategic locations for maximum visibility
  • Accurate: Correctly characterizes the security implications

The minor suggestions above are optional refinements and don't block merging.

🔒 Security Validation

I verified that:

  • ✅ No logic changes that could introduce vulnerabilities
  • ✅ Truncation behavior correctly characterized as non-exploitable
  • ✅ User impact clearly documented (users receive less, not more)
  • ✅ Mitigation strategy acknowledged (minimum deposit requirement)

Great work documenting this limitation! 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

FLOW-16: Precision loss in cross-VM amount conversions

1 participant

@liobrasil