Division before multiplication result in wrong calculation / unexpected behaviour
Summary
Multiplication is performed on the result of a division, which can lead to precision errors due to the truncation of decimal points in Solidity.
Vulnerability Details
contracts/libs/LinearDistributionIntervalDecrease.sol#19-85:
In LinearDistributionIntervalDecrease.getPeriodReward(uint256,uint256,uint128,uint128,uint128,uint128) - line 50 and line 51
performs a multiplication on the result of a division.
contracts/libs/LinearDistributionIntervalDecrease.sol#102-129):
LinearDistributionIntervalDecrease._calculatePartPeriodReward(uint128,uint128,uint128,uint256,uint256,bool) - line 110, line 111, line 121
performs a multiplication on the result of a division.
contracts/libs/LinearDistributionIntervalDecrease.sol#131-159):
LinearDistributionIntervalDecrease._calculateFullPeriodReward(uint128,uint128,uint128,uint128,uint256,uint256) - line 153, line 158
performs a multiplication on the result of a division.
Impact
These vulnerabilities can lead to incorrect calculations due to the loss of precision, which can have significant implications in a financial context (for example in the case of wrong rewards calculation). The impact can range from minor discrepancies in value calculations to major financial losses, depending on the specific use case and the values involved.
Tools Used
Slither tool
Recommendations
To mitigate these vulnerabilities, consider rearranging the operations to perform multiplication before division. This can help to maintain precision and avoid potential rounding errors.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.