Loss of precision when calculating rewards
Summary
Note: This bug has been found by LightChaser but not all instances have been reported
In Solidity, when performing division, the quotient may round down, potentially causing users to receive less funds than intended.
Vulnerability Details
When calling solidity’s native arithmetic functions, there is a possibility of the quotient rounding down, this also happens when using the SafeMath library.
See the following instances of using SafeMath::div that have not been caught by LightChaser:
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordPoints.sol#L148-L149
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordPoints.sol#L242-L243
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuction.sol#L197
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuction.sol#L217
Impact
Minor loss of funds
Tools Used
Manual Review
Recommendations
Consider using the PRBMath library to improve the precision of division operations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.