Tadle
DeFi
30,000 USDC
Submission Details
Severity: medium
Invalid

Potential Precision Loss in Token Transfer Calculations

Vulnerability Details

In the createTaker function of the PreMarkets contract, there's a risk of precision loss when calculating the transferAmount. This occurs when offerInfo.points is significantly larger than _points, potentially leading to rounding errors.

Impact

This precision loss could result in incorrect transfer amounts, potentially leading to financial losses for users or the platform. In extreme cases, users might receive fewer tokens than they should, or the contract might transfer more tokens than intended.

Proof Of Concept

    pragma solidity ^0.8.20;

    import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";

    contract PrecisionLossPoC {
        using Math for uint256;

        function demonstratePrecisionLoss(uint256 _points, uint256 offerAmount, uint256 offerPoints) public pure returns (uint256) {
            // Similar to the calculation in createTaker
            uint256 depositAmount = _points.mulDiv(offerAmount, offerPoints, Math.Rounding.Ceil);
            // Calculate the expected result using high-precision arithmetic
            uint256 expectedAmount = (_points * offerAmount + offerPoints - 1) / offerPoints;
            assert(depositAmount == expectedAmount);
            return depositAmount;
        }
    }
    // Test with:
    // demonstratePrecisionLoss(1, 1000000000000000000, 1000000000000000001)
    // This will fail the assertion due to precision loss

Tools Used

Manual Review

Recommendations

  • Consider using a larger scale factor for intermediate calculations to minimize precision loss.

  • Implement a check to ensure that the calculated transferAmount is within an acceptable range.

  • Add safeguards to prevent extreme disparities between _points and offerInfo.points.
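
An added example, not part of the submission or the Tadle code base, that replays the proof of concept's comparison off-chain so the claim can be checked before filing or triaging a finding like this. Python integers stand in for uint256; it assumes mulDiv keeps a full-width intermediate product, as OpenZeppelin's Math.mulDiv does. All function names and every input other than the PoC's own are constructed for illustration.

```python
# Added example: off-chain model of the PoC's two expressions (names are hypothetical).
UINT256_MAX = 2**256 - 1


class Overflow(Exception):
    """Stands in for a Solidity 0.8 checked-arithmetic revert."""


def _checked(value):
    if value > UINT256_MAX:
        raise Overflow(value)
    return value


def mul_div_ceil(x, y, d):
    """Model of x.mulDiv(y, d, Rounding.Ceil): untruncated product, rounded up."""
    q, r = divmod(x * y, d)  # Python ints play the role of the 512-bit intermediate
    return _checked(q + (1 if r else 0))


def naive_ceil(x, y, d):
    """The PoC's (x * y + d - 1) / d, with every step checked as uint256."""
    return _checked(_checked(x * y) + d - 1) // d


def compare(x, y, d):
    """Return (mulDiv result, naive result), with None where the naive form reverts."""
    full = mul_div_ceil(x, y, d)
    try:
        return full, naive_ceil(x, y, d)
    except Overflow:
        return full, None


def rounding_excess(x, y, d):
    """Amount by which ceil(x*y/d)*d exceeds x*y; always in the range [0, d)."""
    return mul_div_ceil(x, y, d) * d - x * y


def sweep_agrees():
    """Constructed inputs: the two forms agree whenever the naive one does not revert."""
    for x in range(1, 60):
        for y in (1, 10**6, 10**18):
            for d in (1, 3, 7, 10**18, 10**18 + 1):
                full, naive = compare(x, y, d)
                if naive is not None and full != naive:
                    return False
    return True
```

With the PoC's inputs, compare(1, 10**18, 10**18 + 1) gives the same value on both sides; the two forms only part ways when the plain uint256 product overflows and reverts, which is the case mulDiv exists to handle.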

Updates

Lead Judging Commences

0xnevi Lead Judge
11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement