A vulnerability has been identified in the distributeFees function of the LiquidationPool smart contract. The issue arises from the way fees are distributed, which results in inaccurate calculations that truncate fractional values after the decimal point. This issue affects stakers, potentially leading to a loss of funds.
The distributeFees function in the LiquidationPool contract is responsible for distributing fees among the contract's holders and pending stakes. However, the calculation method used in this function has a vulnerability that causes an incorrect distribution of fees.
In the distributeFees function, fees are distributed using the following calculation:
positions[_holder].EUROs += _amount * positions[_holder].TST / tstTotal;
Here, _amount represents the total amount of fees to be distributed. The calculation scales _amount by the holder's share of the total TST balance (positions[_holder].TST / tstTotal). Because Solidity evaluates this with unsigned integer arithmetic, the final division by tstTotal discards any remainder, so the calculation does not account for fractional values after the decimal point.
As a result, each holder's share of _amount is rounded down to an integer value, effectively truncating any fractional EUROs owed to them. This inaccurate distribution can lead to a loss of funds for the stakers.
The impact of this vulnerability is that stakers who are entitled to a fractional amount of fees will receive less than they should. This results in a potential financial loss for the affected stakers, and it undermines the accuracy and fairness of fee distribution within the LiquidationPool contract.
The vulnerability in the distributeFees function of the LiquidationPool contract can result in an inaccurate distribution of fees, potentially causing financial losses for stakers. To mitigate this issue, it is recommended to update the calculation in the function to preserve fractional values using fixed-point arithmetic or a similar approach. This will ensure fair and accurate fee distribution within the contract.
Manual Review
To address this vulnerability and ensure accurate fee distribution, the calculation in the distributeFees function should be modified to preserve fractional values.
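The following simulation is an added example, not code from the LiquidationPool contract or from the original report: it models the formula above with Python's `//` (which truncates like Solidity's unsigned division) next to one possible fixed-point variant of the recommendation. The stakes, the `PRECISION` scale, and all function names are assumptions made for illustration.

```python
PRECISION = 10**18  # assumed fixed-point scale; not taken from the contract

# Constructed sample stakes (TST units), not real positions.
STAKES = {"alice": 100, "bob": 250, "carol": 650}


def distribute_truncating(euros, stakes, amount):
    """The page's formula: EUROs += _amount * TST / tstTotal, uint division."""
    tst_total = sum(stakes.values())
    if tst_total == 0:
        return amount  # nothing staked, nothing credited
    paid = 0
    for holder, tst in stakes.items():
        share = amount * tst // tst_total  # remainder is discarded here
        euros[holder] += share
        paid += share
    return amount - paid  # dust that no holder is credited with


def distribute_fixed_point(scaled, stakes, amount):
    """Sketch of the recommendation: accrue balances in units of 1/PRECISION."""
    tst_total = sum(stakes.values())
    if tst_total == 0:
        return
    for holder, tst in stakes.items():
        scaled[holder] += amount * tst * PRECISION // tst_total


def simulate(rounds, amount, stakes=STAKES):
    """Run both schemes for several fee rounds and return the final balances."""
    euros = dict.fromkeys(stakes, 0)
    scaled = dict.fromkeys(stakes, 0)
    dust = 0
    for _ in range(rounds):
        dust += distribute_truncating(euros, stakes, amount)
        distribute_fixed_point(scaled, stakes, amount)
    # Scale down only when a balance is read, so fractions carry across rounds.
    fixed = {h: v // PRECISION for h, v in scaled.items()}
    return euros, dust, fixed


if __name__ == "__main__":
    naive, dust, fixed = simulate(rounds=10, amount=999)
    print("truncating :", naive, "undistributed:", dust)
    print("fixed-point:", fixed, "undistributed:", 10 * 999 - sum(fixed.values()))
```

With truncation on every call the loss grows with the number of distributions, while the scaled balances lose at most the sub-unit fraction left over at read time.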