Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Submission Details
Severity: medium

Ensuring Precision and Safety in Integer Arithmetic: Addressing Potential Inaccuracies in Solidity Calculations

Summary

Vulnerability Details

The expression uint256 amount = totalAmount * percentages[i] / BASIS_POINTS; may not consistently produce accurate outcomes due to potential truncation and rounding intricacies inherent to integer division and multiplication.

Impact

Conducting division between two integers results in an integer outcome, with any fractional components being omitted. This introduces a potential for loss of precision in scenarios where totalAmount * percentages[i] is not evenly divisible by BASIS_POINTS, causing the outcome to be rounded down to the closest integer.

Tools Used

Manual review

Recommendations

Integrate libraries such as SafeMath or to devise more meticulous arithmetic procedures utilizing mechanisms such as fixed-point arithmetic or decimals
Add the following in the code

import "@openzeppelin/contracts/utils/math/SafeMath.sol";

using SafeMath for uint256;

uint256 amount = totalAmount.mul(percentages[i]).div(BASIS_POINTS);

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.