F-2024-0010·incorrect-arithmetic

Incorrect use of confidence value gets users fewer tickets

Acknowledged · dex · amm · raffle
TL;DR

calculateTicketsToMint subtracts the Pyth confidence value directly from the price, but confidence is a reliability indicator and should not enter the arithmetic. Users receive 1 to 10% fewer tickets, more under volatility.

Severity: MEDIUM
Impact: MEDIUM
Likelihood: MEDIUM
Method: Manual review
Complexity: LOW
Exploitability: MEDIUM

Description

The calculateTicketsToMint function in the MonadexV1Library contract incorrectly uses the confidence value from the Pyth oracle in its ticket minting calculation. According to Pyth documentation, the confidence value represents the uncertainty or possible error range in the reported price and should be used to assess the reliability of the price data, not for direct arithmetic operations.

```solidity
uint256 ticketsToMint = (price - confidence) * _amount / _pricePerTicket;
```

This calculation subtracts the confidence from the price, which is not the intended use of the confidence value and leads to inaccurate ticket minting calculations.

Impact

Users receive fewer tickets than they should for their input amount. In typical market conditions, this could result in 1-10% fewer tickets being minted.

During periods of high market volatility when confidence values are higher, the underminting becomes more severe. In extreme cases, it could result in significantly fewer tickets being minted.

Recommendation

Remove the confidence subtraction from the price calculation and use the confidence value to assess the reliability of the price feed rather than in the calculation itself. For instance:

```solidity
// Revert when the confidence interval is wider than 10% of the price.
if (confidence > price / 10) revert MonadexV1Library_PriceConfidenceTooLow();
```

Here the code ensures that the confidence value is within an acceptable range (e.g., 10% of the price). If the confidence value is too high, indicating high uncertainty in the price, the transaction will revert.
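The flagged calculation next to a gated version, as an added example that is not MonadexV1Library's own code. The library, error and constant names are hypothetical, the 10% threshold is the one suggested above, and the price and price-per-ticket are assumed to be in the same units as in the original line; the signed price and unsigned confidence mirror the fields of a Pyth price.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; all names here are hypothetical.
library TicketMathExample {
    error PriceNotPositive(int64 price);
    error ConfidenceTooWide(uint64 confidence, uint64 price);

    // Assumed policy: reject a price whose confidence interval exceeds
    // 10% of the price. Expressed in basis points so it can be tuned.
    uint256 internal constant MAX_CONF_BPS = 1_000;
    uint256 internal constant BPS = 10_000;

    /// Pattern flagged in the finding: confidence enters the arithmetic,
    /// so every caller is priced at the bottom of the interval.
    function ticketsFlagged(
        uint256 price, uint256 confidence, uint256 amount, uint256 pricePerTicket
    ) internal pure returns (uint256) {
        return (price - confidence) * amount / pricePerTicket;
    }

    /// Recommended shape: confidence only decides whether the price is
    /// usable; the unadjusted price is then used for minting.
    function ticketsGated(
        int64 rawPrice, uint64 confidence, uint256 amount, uint256 pricePerTicket
    ) internal pure returns (uint256) {
        // A zero or negative oracle price must never reach the division.
        if (rawPrice <= 0) revert PriceNotPositive(rawPrice);
        uint64 price = uint64(rawPrice);

        // Cross-multiplied form of `confidence > price * 10%`; at 1_000 bps
        // it is equivalent to the `confidence > price / 10` check above.
        if (uint256(confidence) * BPS > uint256(price) * MAX_CONF_BPS) {
            revert ConfidenceTooWide(confidence, price);
        }
        return uint256(price) * amount / pricePerTicket;
    }
}
```

With a price of 1,000 and a confidence of 50, `ticketsFlagged` mints 5% fewer tickets than `ticketsGated` for the same amount, while a confidence of 101 or more makes `ticketsGated` revert instead of minting at a discounted price.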

© 2026 Zealynx