DeFiHardhat
35,000 USDC
Submission Details
Severity: low
Invalid

LibFertilizer.remainingRecapitalization performs a multiplication on the result of a division.

Summary

Integer division truncation in Solidity: division is performed before multiplication, leading to precision loss.

Vulnerability Details

The function remainingRecapitalization() in LibFertilizer has an operation "totalDollars = totalDollars / 1e6 * 1e6" whereby division is always rounded down to the nearest whole number, discarding any remainder.

Impact

Intended rounding: The code aims to round down the totalDollars value (representing total value of unripe LPs) to the nearest whole USDC (assuming 6 decimals).
The problem: It uses integer division (/) to achieve this rounding. Integer division discards any remainder, which can lead to an underestimation of the USDC value if there are non-zero digits after the 6th decimal place in totalDollars. This leads to a flaw in precision, as the function might underestimate the actual USDC value by truncating the decimal places instead of rounding down properly.

Tools Used

Slither

Recommendations

  1. Fixed-point arithmetic libraries: Use libraries designed for fixed-point math in Solidity. These libraries handle decimals explicitly and offer rounding functions with more control.

  2. Alternative rounding approach: Employ alternative rounding techniques that don't rely on integer division. For instance, add a constant value (like 5) before the final division to achieve rounding down instead of truncation.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Precision loss
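
For reference when triaging a divide-before-multiply flag, this added example (not code from the audited repository or from the submitter) puts the expression quoted in the submission beside the general form of the pattern, where divisor and multiplier differ. The library, contract, constant and function names are hypothetical, and the sample values are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not code from the audited repository.
// All names here (DivBeforeMulDemo, UNIT, ...) are hypothetical.
library DivBeforeMulDemo {
    uint256 internal constant UNIT = 1e6;

    // Same divisor and multiplier: the expression quoted in the submission.
    // The result is x floored to a multiple of UNIT.
    function floorToUnit(uint256 x) internal pure returns (uint256) {
        return x / UNIT * UNIT;
    }

    // Equivalent form that states the intent without divide-then-multiply.
    function floorToUnitMod(uint256 x) internal pure returns (uint256) {
        return x - (x % UNIT);
    }

    // Different divisor and multiplier: the remainder of a / b is dropped
    // before scaling, so the result can be low by an amount less than c.
    function divThenMul(uint256 a, uint256 b, uint256 c) internal pure returns (uint256) {
        return a / b * c;
    }

    // Multiplying first keeps the remainder; a * c must fit in uint256
    // (0.8.x reverts on overflow).
    function mulThenDiv(uint256 a, uint256 b, uint256 c) internal pure returns (uint256) {
        return a * c / b;
    }
}

contract DivBeforeMulCheck {
    // Constructed sample values; returns true when every assertion holds.
    function check() external pure returns (bool) {
        uint256 x = 1_234_567_890;
        assert(DivBeforeMulDemo.floorToUnit(x) == 1_234_000_000);
        assert(DivBeforeMulDemo.floorToUnit(x) == DivBeforeMulDemo.floorToUnitMod(x));

        uint256 a = 1_999_999;
        assert(DivBeforeMulDemo.divThenMul(a, 1e6, 3e6) == 3_000_000);
        assert(DivBeforeMulDemo.mulThenDiv(a, 1e6, 3e6) == 5_999_997);
        return true;
    }
}
```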
