Bad handling of amount decimal multiplication on LinearDistributionIntervalDecrease.sol affects the pool rate accounting
Vulnerability Details
When queried less than the decrease interval range, the getPeriodReward function seems to return the reward with the wrong amount of decimals due to the calculation below:
Here, after the initialAmount(having decimal precision e.g 10 ** 18) substracts the intervalsPassed, it is then multiplied with the decreaseAmount(which also has a decimal precision of e.g 10 ** 18 making the resulting amount have a decimal precision of 10 ** 36). The issue is that the combined decimal precision due to the multiplication above wasn't divided by the decimal precision to bring it back to its original decimals.
Impact
Bad handling of amount decimal multiplication on LinearDistributionIntervalDecrease.sol affects the pool rate accounting in-turn breaking the protocol accounting.
Recommendations
The issue is that the final amount returned when queried less than the decrease interval range is in larger decimals than normal rewards which affects the pool rate accounting, enforce this decimals are conmsistent by dividing the resulting amount from the multiplication by the decimal precision.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.