Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Total Percentage Calculation Vulnerability

Summary

Total Percentage Calculation Vulnerability in Distributor Contract

Vulnerability Details

The vulnerability relates to the logic of summing up the percentages in the _distribute function of the Distributor contract. The contract assumes that the sum of percentages should be exactly (10000 - COMMISSION_FEE). Any rounding errors or inaccuracies in calculating the sum could result in an incorrect distribution or failed validation.

Impact

If the sum of the percentages deviates from the expected value, it could lead to incorrect token distribution or a failed distribution altogether. Inaccurate calculations may result in loss of funds or unexpected behavior in the contract.

Tools Used

Manual code review and analysis of the percentage calculation and validation logic in the _distribute function.

Recommendations

To address this vulnerability, consider the following recommendations:

  1. Use SafeMath: Implement the use of SafeMath or similar libraries to handle arithmetic operations securely. This can help prevent rounding errors and ensure accurate calculations.

  2. Allow Tolerance: Instead of expecting an exact sum of (10000 - COMMISSION_FEE), allow for a small tolerance to account for potential rounding issues. Use a range or margin of error when validating the total percentage.

  3. Thorough Testing: Perform comprehensive testing with different percentage values to ensure that the distribution calculations produce accurate results and meet the desired criteria.
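The exact-sum check and the tolerance check from recommendation 2 can be compared on sample inputs. The model below is an added example, not the Distributor contract's code: the function names, the COMMISSION_FEE value of 500 basis points and the sample amounts are assumptions made for illustration.

```python
# Added illustration: a Python model of the checks discussed in this report,
# not the Distributor contract's own code.
BASIS_POINTS = 10_000
COMMISSION_FEE = 500  # assumed value in basis points; the report does not state it
TARGET = BASIS_POINTS - COMMISSION_FEE


def validate_exact(percentages):
    """Exact check as described: the sum must equal 10000 - COMMISSION_FEE."""
    return sum(percentages) == TARGET


def validate_with_tolerance(percentages, tolerance_bps):
    """Recommendation 2: accept any sum within +/- tolerance_bps of the target."""
    return abs(sum(percentages) - TARGET) <= tolerance_bps


def distribute(total_amount, percentages):
    """Return (payouts, remainder) using floor division, as unsigned integer
    math does on-chain. The remainder is what is left after winner payouts."""
    payouts = [total_amount * p // BASIS_POINTS for p in percentages]
    remainder = total_amount - sum(payouts)
    if remainder < 0:
        # Payouts exceed the balance: the transfers could not all succeed.
        raise ValueError("payouts exceed total_amount")
    return payouts, remainder


if __name__ == "__main__":
    # Constructed inputs: integer basis points sum without rounding, so the
    # exact check passes; rounding appears only in the per-winner division.
    exact = [3166, 3167, 3167]
    print(validate_exact(exact), distribute(1_000_001, exact))

    # Constructed inputs 10 bps over target: rejected by the exact check,
    # accepted with a 10 bps tolerance, and the remainder shrinks accordingly.
    loose = [3170, 3170, 3170]
    print(validate_exact(loose), validate_with_tolerance(loose, 10),
          distribute(1_000_000, loose))
```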
