Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: low
Valid

rewardPerVoter is subject to rounding errors

Summary

The rewardPerVoter value is subject to rounding errors - which might lead to locked funds on behalf of the vote proposal creator. This might also lead to attacker being able to withdraw these funds from the contract or lead to an error in a future calculated amount.

Vulnerability Details

In all except for the last voter, this calculation is made:

        uint256 rewardPerVoter = totalRewards / totalVotes;

Which is prone to rounding errors - which might lead to funds not getting paid out to the users who voted for but instead get locked up in the contract.

Impact

Might lead to locked funds or attackers being able to withdraw funds at a later date.

Tools Used

Recommendations

Use OpenZeppelin math library to make sure the rounding is as perfect (as close to zero) as can be.

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

VotingBooth._distributeRewards(): Dust amount can still remain in contract

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.