First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Dust will be stuck in the contract due to rounding error

n0kto

Description

Since the balance of the entire contract is not used to share the fee, a rare case can happen:
Being divided by 2 (multiply by 50/100), if the tokens has the last decimal set and the number is odd, 1 wei will stay in the contract.
Recommendation for this finding will even permit to retrieve funds donated by user who did not participated.

function killRavana() public RamIsSelected {
if (block.timestamp < 1728691069) {
revert Dussehra__MahuratIsNotStart();
}
if (block.timestamp > 1728777669) {
revert Dussehra__MahuratIsFinished();
}
IsRavanKilled = true;
uint256 totalAmountByThePeople = WantToBeLikeRam.length * entranceFee;
@> totalAmountGivenToRam = (totalAmountByThePeople * 50) / 100;
@> (bool success, ) = organiser.call{value: totalAmountGivenToRam}("");
require(success, "Failed to send money to organiser");
}
function withdraw() public RamIsSelected OnlyRam RavanKilled {
if (totalAmountGivenToRam == 0) {
revert Dussehra__AlreadyClaimedAmount();
}
@> uint256 amount = totalAmountGivenToRam;
@> (bool success, ) = msg.sender.call{value: amount}("");
require(success, "Failed to send money to Ram");
totalAmountGivenToRam = 0;
}

Risk

Likelyhood: Low

  • Only if the last bit of totalAmountGivenToRam is set to 1. It means an odd number with the last decimal set.

Impact: Low

  • Dust stuck in the contract: 1 wei

  • More if people donate to the contract

Recommended Mitigation

Use address(this).balance to divide the fees and send all this remaining balance to the selected Ram. It will prevent dust and will permit to collect any money if people donated to the contract.

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Dust

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.