MyCut
First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

`managerCut` is not calculated properly

wolden

Summary

In the function Pot::closePot() managerCutis not calculated properly

uint256 managerCut = remainingRewards / managerCutPercent;

Vulnerability Details

uint256 private constant managerCutPercent = 10;

managerCut calculates a fraction of remainingRewards and it's not the correct way to calculate the manager share. The manager takes a cut of the remaining pool, which is set to 10%. Calculation only works as intended when the percentage is 10%. Let's say the protocol decided that the manager's share would be 5% instead of 10%. In this case, this would give 20% instead of 5%.

Example

managerCutPercent = 10%

remainingRewards = 100,000

managerCut = 100000 / 10 => 10000

Correct but when managerCutPercent = 5%

managerCut= 100000 / 5 => 20000 which is not 5%, should be 5000

Impact

The manager cut will be incorrect if managerCutPercent is intended to be a different percentage.

Tools Used

Manual review

Recommendations

- uint256 managerCut = remainingRewards / managerCutPercent;
+ uint256 managerCut = (remainingRewards * managerCutPercent) / 100;
Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Erroneous ManagerCut calculation

Appeal created

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.