Sablier
Sablier
DeFiFoundry
53,440 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Division before multiplication leads to unnecessary precision loss in `SablierV2NFTDescriptor::abbreviateAmount`

a12jmx

Summary

Division before multiplication leads to unnecessary precision loss in SablierV2NFTDescriptor::abbreviateAmount.

Vulnerability Details

Function abbreviateAmount takes two inputs namely amount and decimals on line 133:

function abbreviateAmount(uint256 amount, uint256 decimals) internal pure returns (string memory) {

The two inputs mentioned above, amount and decimals gets used on line line 140 to calculate the truncatedAmount:

truncatedAmount = decimals == 0 ? amount : amount / 10 ** decimals;

However, if it comes to executing the second part of the statement and the function needs to execute amount / 10 ** decimals this will lead to precion loss in truncatedAmount due to division being executed before multiplication.

Impact

In calculating truncatedAmount it will lead to be less than expected and precision is incredibly important in particular with this function as it involves decimal amounts.

Tools Used

Manual Review

Recommendations

When it comes to the second part of the statement needing to execute it would be best advisable to perform multiplication before division.

function abbreviateAmount(uint256 amount, uint256 decimals) internal pure returns (string memory) {
if (amount == 0) {
return "0";
}
uint256 truncatedAmount;
unchecked {
-- truncatedAmount = decimals == 0 ? amount : amount / 10 ** decimals;
++ truncatedAmount = decimals == 0 ? amount : amount ** decimals / 10;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.