The formula used to calculate saturation ` uint256 saturation = ((bitField >> 8) & 0xFF) % 80 + 20;` return range [0,99], this way 100% saturation is never achieved.
Summary
In SablierV2NFTDescriptor::generateAccentColor 100% saturation is never actually achieved.
Vulnerability Details
In contract SablierV2NFTDescriptor the generateAccentColor function calculates saturation by this formula and expect it to be in range [20,100].
according to docs The saturation is a percentage where 0% is grayscale and 100%, but here the range is bounded to [20,100] to make the colors more lively. but here by using this formula 100% saturation is never achieved. The ((bitField >> 8) & 0xFF) % 80 will always return a value between [0,79] and never reach 80. which thus result in overall range from 20 to 99. This way 100% saturation is never achieved.
Impact
The 100% saturation percentage is never achieved.
Tools Used
Manual Aalysis
Recommendations
use this line of code instead of old one to count the lightness.
this way the saturation will come in range [20,100] as the protocol intended it to be.
Lead Judging Commences
Info/Gas/Invalid as per Docs
https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
Info/Gas/Invalid as per Docs
https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.