The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

LiquidationPool::distributeFees has divide before multiply leading to loss of precision

ravikiranweb3

Summary

LiquidationPool::distributeFees() function does divide before multiple leading to loss of precision due to potential for truncation in solidity.

Vulnerability Details

The distributeFees computes the proportional EUROS for holders based on their current holding and pending stakes. But the logic for computation of these proportional values is not giving precedence for multiplication before division lead to truncation of fractional values.

for (uint256 i = 0; i < holders.length; i++) {
address _holder = holders[i];
positions[_holder].EUROs += _amount * positions[_holder].TST / tstTotal;
}
for (uint256 i = 0; i < pendingStakes.length; i++) {
pendingStakes[i].EUROs += _amount * pendingStakes[i].TST / tstTotal;
}

Impact

This leads to users not getting the portion of the euros they are eligible to claim.

Tools Used

Manual Review

Recommendations

Apply precedence for multiplication before dividing as below,

for (uint256 i = 0; i < holders.length; i++) {
address _holder = holders[i];
positions[_holder].EUROs += (_amount * positions[_holder].TST) / tstTotal;
}
for (uint256 i = 0; i < pendingStakes.length; i++) {
pendingStakes[i].EUROs += (_amount * pendingStakes[i].TST) / tstTotal;
}
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.