Summary

The contract Sun.sol has instances of the "Divide before multiply" vulnerability, where division is performed before multiplication. This pattern can lead to precision loss due to Solidity's integer division truncation. The affected functions include Sun.rewardToFertilizer and Sun.setSoilAbovePeg.

Vulnerability Details

Instance 1: Sun.rewardToFertilizer (contracts/beanstalk/sun/SeasonFacet/Sun.sol#109-149)
Code Snippet:

Description: In the Sun.rewardToFertilizer function, division is performed before multiplication, leading to potential precision loss.

Instance 2: Sun.rewardToFertilizer (contracts/beanstalk/sun/SeasonFacet/Sun.sol#109-149)
Code Snippet:

Description:
Another instance in the same function where division is performed before multiplication, introducing a risk of precision loss.

Instance 3: Sun.setSoilAbovePeg (contracts/beanstalk/sun/SeasonFacet/Sun.sol#216-224)
Code Snippet:

Description:
In the Sun.setSoilAbovePeg function, division is performed before multiplication, potentially leading to precision loss.

Instance 4: Sun.setSoilAbovePeg (contracts/beanstalk/sun/SeasonFacet/Sun.sol#216-224)
Code Snippet:

Another instance in the same function where division is performed before multiplication, introducing a risk of precision loss.

Impact

Performing division before multiplication can lead to precision loss, potentially affecting the accuracy of calculations and introducing unexpected behavior in the contract. It may result in incorrect distribution of rewards or misallocation of resources.

Tools Used

Manual review and slither.

Recommendations

It's recommended to reorder the arithmetic operations to perform multiplication before division to prevent precision loss. Review and update the relevant calculations in the affected functions accordingly.