Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Divide Before Multiply Precision Loss

besto

Summary

On file path: 2024-08-fjord/src/FjordPoints.sol Lines: 242 - 243 The divide-before-multiply issue is being experienced. This primarily impacts calculation precision. While it does not pose a direct security threat such as reentrancy or unauthorized access, it can compromise the accuracy of point distributions.

Vulnerability Details

When you divide in Solidty, the integer division might truncate the result, leading to a loss of precision. Bare in mind that dividing an integer rounds it down.

Impact

Here's a couple of impact points:

  • Loss of Precision: Solidity does not handle floating-point numbers, so dividing integers can lead to truncation and loss of precision. This can affect calculations, especially when dealing with high-precision values.

  • Miscalculations: In this instance, this can lead to incorrect distribution of points calculations, potentially causing financial discrepancies.

Tools Used

Manual

Recommendations

To ensure precision in calculations, we recommend reordering the operations by multiplying before dividing:

- pointsPerToken =
- pointsPerToken.add(weeksPending * (pointsPerEpoch.mul(PRECISION_18).div(totalStaked)));
+ pointsPerToken =
+ pointsPerToken.add((weeksPending * pointsPerEpoch).mul(PRECISION_18).div(totalStaked));
Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Division before multiplication

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.