Liquid Staking

Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Submission Details
Severity: low
Invalid

Precision Loss Due to Division Before Multiplication in `deposit:CommunityVCS` Function

Summary

In the deposit function of the CommunityVCS contract, there is an arithmetic operation where division is performed before multiplication. This can cause precision loss due to the nature of integer division in Solidity, which truncates decimal values. The issue arises when calculating the number of vaults per group, potentially leading to an inaccurate distribution of resources across vault groups.

Vulnerability Details

The problematic section of code is as follows:

uint256 vaultsPerGroup = totalVaults / numVaultGroups;
vaultGroups[i].totalDepositRoom += uint128(numVaults * diff);

Here, the division of totalVaults / numVaultGroups occurs before the multiplication by diff.
In Solidity, division truncates any remainder when dealing with integers, leading to potential loss of precision. As a result, the number of vaults per group may not be distributed evenly, which can affect how much deposit capacity is allocated to each vault.

Example Scenario

Let’s assume the following values:

  • totalVaults = 17

  • numVaultGroups = 3

If we perform the division first (17 / 3), the result would be 5 (truncated from 5.67), meaning some vault groups may receive less than their fair share of deposits. Multiplying this truncated result by diff may further compound the inaccuracy, leading to inefficient vault utilization.

In contrast, performing the multiplication first would retain more precision, as shown in the corrected calculation below.

Impact

  • Inefficient Resource Distribution: The division before multiplication can cause some vaults to receive more deposit capacity than others, resulting in an uneven allocation of staking resources.

  • Potential Underutilization: Vaults may become underutilized or overburdened, leading to inefficiencies in staking operations, which can impact the system's performance and user experience.

  • Staking Discrepancies: Over time, small inaccuracies can accumulate, leading to larger imbalances in how deposits are distributed across vault groups.

Tools Used

  • Manual code review

  • Static analysis

Recommendations

To avoid precision loss, reverse the order of operations by performing the multiplication first, ensuring more accurate calculations:

uint256 totalDiff = diff * totalVaults;
uint256 vaultsPerGroup = totalDiff / numVaultGroups;

This change ensures that the multiplication happens before division, reducing the chance of losing precision during the calculations. By doing so, the vaults will be allocated more fairly, and the staking system will perform more efficiently.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.