Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

Fairness concerns in token distribution corner case

Summary

The token distribution algorithm has a rounding corner case. When the totalAmount of tokens in the contract is 10 and there are two winners with percentages of 9000 and 500, respectively, the second winner is allocated 0 tokens because the share calculation rounds down. The remaining 1 token is allocated to STADIUM_ADDRESS.

Vulnerability Details

The vulnerability lies in the token distribution calculation, where totalAmount is divided among the winners based on their percentages. In the example, with totalAmount = 10, the first winner (percentage 9000) receives 9000 * 10 / 10000 = 9 tokens, while the second winner (percentage 500) receives 500 * 10 / 10000 = 0 tokens, because integer division truncates 0.5 to 0. Consequently, one of the winners does not receive any reward.

Impact

This vulnerability impacts the fairness and accuracy of the token distribution process. One of the winners will not receive their expected reward, potentially leading to dissatisfaction and imbalance in the distribution of rewards among participants.

Tools Used

Manual Review

Recommendations

It is recommended to maintain a token balance in the smart contract that exceeds the value of BASIS_POINTS (set to 10000). By ensuring a token balance greater than 10000, each winner with a valid percentage will be able to receive their corresponding token reward. This adjustment will help guarantee that all winners are fairly rewarded according to their proportions.
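The corner case and the balance needed to avoid it can be reproduced off-chain. The following is an added example, not code from the audited contract: it models the basis-point split in Python, whose `//` on non-negative integers truncates like Solidity's unsigned division, and the function names are hypothetical.

```python
# Added example: a model of the basis-point split described in the finding.
# Function names are hypothetical; only BASIS_POINTS and the sample inputs
# (totalAmount = 10, percentages 9000 and 500) come from the finding.
BASIS_POINTS = 10_000


def distribute(total_amount, percentages):
    """Return (payouts, remainder); the remainder is what goes to STADIUM_ADDRESS."""
    if total_amount < 0 or not percentages or any(p <= 0 for p in percentages):
        raise ValueError("need amount >= 0 and a non-empty list of percentages > 0")
    if sum(percentages) > BASIS_POINTS:
        raise ValueError("percentages exceed BASIS_POINTS")
    # Integer division rounds each share down, as on-chain.
    payouts = [total_amount * p // BASIS_POINTS for p in percentages]
    return payouts, total_amount - sum(payouts)


def zero_payout_winners(total_amount, percentages):
    """Indexes of winners whose share truncates to 0 at this balance."""
    payouts, _ = distribute(total_amount, percentages)
    return [i for i, amount in enumerate(payouts) if amount == 0]


def min_balance_for_nonzero(percentages):
    """Smallest balance at which every winner receives at least 1 unit.

    Winner i needs total * p_i >= BASIS_POINTS, so total >= ceil(BASIS_POINTS / p_i);
    the smallest percentage sets the bound.
    """
    if not percentages or any(p <= 0 for p in percentages):
        raise ValueError("need a non-empty list of percentages > 0")
    return -(-BASIS_POINTS // min(percentages))  # ceiling division


if __name__ == "__main__":
    winners = [9000, 500]  # case from the finding
    print(distribute(10, winners))
    print(zero_payout_winners(10, winners))
    print(min_balance_for_nonzero(winners))
    print(min_balance_for_nonzero([9499, 1]))  # constructed worst case
```

For the finding's inputs the bound is 20 units, while a winner with percentage 1 needs a balance of 10000, which the recommended balance covers.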
