Rounding down issue due to precision loss will calculate wrong amount of totalFee.
Summary
Vulnerability Details
Description:- due to precision loss there is possibilty of rounding down issue to zero which will lead to miss calculate the totalFee amount.
depositChange = 50
fees[1].basisPoints = 100
totalFees += 50 * 100 / 10000 = 0.5 due to solidity floating point issue it will be zero
function getPendingFees() external view virtual override returns (uint256) {
int256 depositChange = getDepositChange();
uint256 totalFees;
if (depositChange > 0) {
for (uint256 i = 0; i < fees.length; ++i) {
totalFees += (uint256(depositChange) * fees[i].basisPoints) / 10000;
}
}
return totalFees;
}
Impact
rounding down totalFee to zero and wrong calculation of totalFee.
Tools Used
VS code.
Recommendations
```solidity
function getPendingFees() external view virtual override returns (uint256) {
int256 depositChange = getDepositChange();
uint256 totalFees;
if (depositChange > 0) {
for (uint256 i = 0; i < fees.length; ++i) {
// @audit there is precision loss if the depositChange * fee[i].basePoints is less than 10,000
// @audit i think this is correct instead of the orignal one.
++ totalFees += (uint256(depositChange) * fees[i].basisPoints) * 10000 / 10000;
-- totalFees += (uint256(depositChange) * fees[i].basisPoints) / 10000;
}
}
return totalFees;
}
\
```
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.