MyCut
First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

No way to sweep the remaining amount due the loss of precision at the division.

ivanonchain

Description:

As Solidity doesn't support decimal number there is a change of loss precision in a division. Therefore this loss of precision can left some remaining amount locked in the contract.
For this reason a function to sweep the remaining dust is a good idea.

Impact:

Never is good have some dust tokens stuck in the contract, for that reason a function to get it out could be useful.

Proof of Concept:

Pot::closePot has some divisions that make inevitable to left some token due to Solidity doesn't support decimal number

function closePot() external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
@> uint256 managerCut = remainingRewards / managerCutPercent;
i_token.transfer(msg.sender, managerCut);
@> uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
for (uint256 i = 0; i < claimants.length; i++) {
_transferReward(claimants[i], claimantCut);
}
}
}

Recommended Mitigation:

Consider add a sweep function fo withdraw the remaining token due to the loss of precision.

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Dusty Pot

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.