Tadle

Vulnerability Details:

The contract employs floor rounding in several division operations, leading to potential precision loss over time. This issue is particularly noticeable in functions like closeBidTaker, where token amounts are calculated.

Impact:

Repeated transactions that consistently round down can cause a cumulative loss of value, affecting the precision of token distributions. This discrepancy between expected and actual balances could become significant over multiple transactions.

Proof Of Concept:

Link to code\

In the closeBidTaker function, consider the following scenario:

Here, the user receives 999,000 tokens. However, if similar calculations are repeated 1000 times, the cumulative loss would amount to:

1000 * (1000000 - 999000) = 1,000,000 tokens

This illustrates how small rounding errors can add up to significant losses after numerous transactions.

Additionally, when userRemainingPoints is much smaller than offerInfo.usedPoints, the floor rounding could reduce the fee to zero, even when a non-zero fee should be charged. For instance:

If collateralFee is 100, userRemainingPoints is 1, and offerInfo.usedPoints is 1000, the calculation results in:
100 * 1 / 1000 = 0 (rounded down)

But the actual fee should be 0.1, which would round to 1 in integer arithmetic.

Tools Used:

Manual Review

Recommendations:

*To mitigate this issue, consider using higher precision during calculations. Multiply by a large constant before performing division, and then scale back down:

*Implement a minimum fee threshold to prevent very small fees from being rounded down to zero: