The redeemPercent calculation and subsequent collateral distribution in the KittyPool.sol contract might not account for edge cases, such as extremely small or large values. This could lead to inaccuracies in the distribution of collateral, potentially impacting the fairness and correctness of the contract's operations.
The redeemPercent function is responsible for calculating the percentage of collateral to be redeemed and distributing it accordingly.
When dealing with very small values, the calculations might suffer from precision loss, leading to inaccuracies in the final distribution. Small values might also be rounded down to zero, resulting in users receiving less collateral than expected.
Although Solidity 0.8.x includes built-in overflow checks, extremely large values might still pose a risk if not handled properly.
Users might receive less collateral than expected due to precision loss and rounding errors when dealing with very small values. Extremely large values might cause overflow issues or exceed the block gas limit, leading to transaction failures. The overall fairness and correctness of collateral distribution might be compromised, affecting user trust and the contract's reliability.
Manual Review
Ensure that all arithmetic operations are performed using safe math libraries so that precision is handled correctly, and implement checks for extremely small and extremely large values so that the contract can handle these scenarios without issues.
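The rounding and overflow cases described above can be reproduced in a small model of Solidity 0.8 uint256 arithmetic. This is an added example, not code from KittyPool.sol: the page does not show the body of redeemPercent, so the formulas, `PERCENT_BASE`, and all function names are assumptions. Python's unbounded integers stand in for a full-width multiply-then-divide helper in `redeem_checked`.

```python
# Added model (not the contract's code): Solidity 0.8 uint256 arithmetic in Python.
# PERCENT_BASE and every formula below are assumptions for illustration.
UINT256_MAX = 2**256 - 1
PERCENT_BASE = 100  # assumed: percent is a whole number in 1..100


class Revert(Exception):
    """Stands in for a Solidity revert."""


def checked_mul(a, b):
    # Solidity 0.8 reverts when a product does not fit in uint256.
    if a * b > UINT256_MAX:
        raise Revert("arithmetic overflow")
    return a * b


def redeem_divide_first(collateral, percent):
    # Dividing first truncates before scaling: anything below PERCENT_BASE becomes 0.
    return (collateral // PERCENT_BASE) * percent


def redeem_multiply_first(collateral, percent):
    # Better precision, but the intermediate product can overflow and revert.
    return checked_mul(collateral, percent) // PERCENT_BASE


def redeem_checked(collateral, percent):
    # Hardened variant: bound the percent, keep full precision, refuse zero payouts.
    if not 0 < percent <= PERCENT_BASE:
        raise Revert("percent out of range")
    # Full-width multiply-then-divide; the result fits because percent <= PERCENT_BASE.
    payout = collateral * percent // PERCENT_BASE
    if payout == 0:
        raise Revert("redeem amount rounds to zero")
    return payout


def total_paid(vault_balances, percent, redeem):
    # Sum of per-vault payouts; compare with redeeming the combined balance once.
    return sum(redeem(balance, percent) for balance in vault_balances)


def reverts(fn, *args):
    # True if the call reverts in this model, False if it returns normally.
    try:
        fn(*args)
    except Revert:
        return True
    return False
```

With constructed inputs, redeeming 50% of 99 units pays 0 when dividing first and 49 when multiplying first, and three vaults of 199 units pay 297 in total against 298 for the combined balance, which is the per-vault truncation dust.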