Precision Errors in Token Distribution Due to Division Before Multiplication
Summary
Solidity's integer division truncates. Thus, performing division before multiplication can lead to precision loss.
Vulnerability Details
the vulnerability arises from the arithmetic operation of dividing before multiplying, which can lead to precision errors. Here's how it affects each scenario:
-
Airdrop Claims: When calculating the number of days in a couple or the amount of tokens to distribute, the division before multiplication can result in an imprecise number of days or tokens. This can lead to incorrect token distribution, where users receive fewer tokens than they should, or it can cause the total distributed amount to be less than intended.
-
Staking Claim Rewards: During the calculation of the time elapsed since the last claim and the amount to claim, the division before multiplication can cause an inaccurate representation of the time interval or the claimable amount. This can lead to users receiving fewer rewards than they should, or it can result in the total rewards distributed being less than the expected amount.
Impact
The impact of this vulnerability in both cases is that users may not receive the full benefits they are entitled to, which can undermine trust in the system and potentially lead to financial losses for users. It can also affect the overall economic model of the platform, as the total rewards or token distribution may be less than planned.
Tools Used
Manually
Recommendations
Use fixed-point arithmetic libraries or techniques to preserve decimal precision.
Thoroughly test all arithmetic operations to ensure they behave as expected and handle edge cases gracefully.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.