Submission Details
Severity:
[H-1] `closePot` contains division that may lead to precision loss
**Description:** ERC20 tokens have a `decimals` value associated with them, in the case of WETH - the value is 18. Hence if we have an amount say:
`uint256 amount = 1 ether // 1000000000000000000`, this would be 1 wETH.
`uint256 amount = 0.001 ether // 1000000000000000`, this would be 0.001 wETH.
When calculating the `claimantCut`, suppose we had a numerator of `1 ether` and 3 players to divide them amongst (we should use `claimants.length` but that's rasied in another issue). We would get a loss in precision:
`claimantCut = 1000000000000000000 / 3 = 333333333333333333 units`
In this case the divison would result in 0.333333333333333333 wETH to each claimant. There would be a remainder of 1 unit that is effectively lost in the division.
**Impact:** If we were distributing a large sum among many claimants, the cumulative loss could be come significant. Resulting in a loss of funds being sent to the claimants as well as the managers cut.
**Proof of Concept:** See `testRemainingRewardsAreIncorrectlyDistributed` within the ProofOfCodes within the audit directory which highlights a loss in precision.
**Recommended Mitigation**
Mitigation strategies include:
- Using a multiplier to preserve precision.
- Distributing the remainder to minimize the impact of truncation.
- SafeMath (in older Solidity versions) to prevent arithmetic errors.
- Avoiding operations on very small units (like wei) directly, to reduce precision loss.
Rewards breakdown
nSLOC
106This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.