MyCut

First Flight #23
Beginner Friendly, Foundry
Submission Details
Severity: low
Valid

Division of `uint256` values always rounds down in Solidity, so the calculation of rewards leads to loss of tokens

Summary

The Pot contract divides uint values when calculating rewards. The values are not multiples of 1e18, so the results are rounded down to the nearest integer.

Vulnerability Details

LoC:
https://github.com/Cyfrin/2024-08-MyCut/blob/946231db0fe717039429a11706717be568d03b54/src/Pot.sol#L54
https://github.com/Cyfrin/2024-08-MyCut/blob/946231db0fe717039429a11706717be568d03b54/src/Pot.sol#L57

If `remainingRewards` equals 7 and `managerCutPercent` is 10, then `managerCut` is rounded down to 0. Similarly, the calculation of `claimantCut` is rounded down to the nearest uint value. The tokens lost to rounding are left unaccounted for in the Pot contract and are therefore burnt.
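The following is an added example, not code from Pot.sol or from the submission. It repeats the two divisions quoted in this finding and computes how many tokens no cut accounts for. The names `DustMath`, `split`, `playerCount` and `DustMathDemo` are hypothetical, and the player count of 3 is a constructed input.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; hypothetical names, not part of the audited code base.
library DustMath {
    /// Repeats the two divisions quoted in the finding and returns the
    /// tokens that neither cut accounts for (the "dust").
    function split(uint256 remainingRewards, uint256 managerCutPercent, uint256 playerCount)
        internal
        pure
        returns (uint256 managerCut, uint256 claimantCut, uint256 dust)
    {
        require(managerCutPercent != 0 && playerCount != 0, "zero divisor");
        // First floor: any remainder of this division is dropped.
        managerCut = remainingRewards / managerCutPercent;
        // Second floor: up to playerCount - 1 tokens are dropped here.
        claimantCut = (remainingRewards - managerCut) / playerCount;
        // Whatever the two cuts do not cover stays behind in the contract.
        dust = remainingRewards - managerCut - claimantCut * playerCount;
    }
}

contract DustMathDemo {
    /// Constructed inputs: 7 and 10 come from the finding's example,
    /// 3 players is an assumption made for this illustration.
    function check() external pure {
        (uint256 m, uint256 c, uint256 d) = DustMath.split(7, 10, 3);
        assert(m == 0); // 7 / 10 floors to 0
        assert(c == 2); // (7 - 0) / 3 floors to 2
        assert(d == 1); // 7 - 0 - 2 * 3
        // Conservation invariant a fix should satisfy once dust is assigned:
        // manager cut + all claimant cuts + dust equals the original amount.
        assert(m + c * 3 + d == 7);
    }
}
```

The `dust` return value is the quantity a fix has to assign to some recipient; a test asserting `dust == 0` after distribution catches this class of bug.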

Impact

Loss of tokens and miscalculation of manager and players' cuts of the rewards.

Tools Used

Manual Review

Recommendations

Multiply your reward values by 1e18 or any other exponent value.

- uint256 managerCut = remainingRewards / managerCutPercent;
+ uint256 private constant DECIMAL_VALUE = 1e18;
+ uint256 managerCut = (remainingRewards * DECIMAL_VALUE) / managerCutPercent;
- uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
+ uint256 claimantCut = ((remainingRewards * DECIMAL_VALUE) - managerCut) / i_players.length;
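Review bot: the added `managerCut = (remainingRewards * DECIMAL_VALUE) / managerCutPercent` line never divides by `DECIMAL_VALUE` again, so `managerCut` comes out 1e18 times larger than a token amount, and the added `claimantCut` line subtracts that scaled value and divides by `i_players.length`, which leaves `claimantCut` scaled as well. If either value is used as a token amount it overstates the cut by a factor of 1e18, and scaling back down to whole token units floors again, so a remainder can still be left unassigned. Suggest keeping the arithmetic in token units and assigning the leftover explicitly, for example `remainingRewards - managerCut - claimantCut * i_players.length`, to one recipient. Separately, `uint256 private constant DECIMAL_VALUE = 1e18;` sits between lines that read as function-body statements; a constant with a visibility specifier has to be declared at contract level.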
Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Dusty Pot

Appeal created

0xkatrix Submitter
about 1 year ago
equious Lead Judge
about 1 year ago