Insufficient Increase in EUROs Due to Conditional Calculation in Smart Contract Function
Summary
The position function in the smart contract may encounter an issue where the increase in _position.EUROs does not occur as expected. This issue arises if the product of IERC20(EUROs).balanceOf(manager) and _position.TST is smaller than the value returned by getTstTotal().
Vulnerability Details
Within the function, _position.EUROs is intended to increase based on a calculation that involves the manager's balance of EUROs and the TST balance of the _holder. The problematic part of the calculation is IERC20(EUROs).balanceOf(manager) * _position.TST / getTstTotal(). If the result of IERC20(EUROs).balanceOf(manager) * _position.TST is smaller than getTstTotal(), the division will yield a result less than 1. Since Solidity handles division of uint256 types by truncating the decimal part, any value less than 1 results in 0. Consequently, _position.EUROs will not increase, even when there are positive balances involved.
Impact
This calculation flaw can lead to scenarios where holders with a positive TST balance do not see an expected increase in their EUROs, potentially causing inaccuracies in the representation of a holder's position. This could affect the contract's functionality and the holder's understanding of their rewards or entitlements.
Tools Used
Manual Review
Recommendations
Modify the calculation logic to ensure that holders with a positive TST balance can see an increase in their EUROs even when the product of IERC20(EUROs).balanceOf(manager) and _position.TST is smaller than getTstTotal(). This might involve implementing a different formula or adding minimum thresholds.
Lead Judging Commences
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.