Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: low
Valid

Precision Loss Could Lead To DoS

Summary

In `Swan::transferRoyalties`, `buyerFee` and `driaFee` experience precision loss because the fee base is 100. On top of that, the resulting value can be 0, and with certain ERC20 tokens a transfer of 0 reverts, DoS-ing the listing and relisting functions for such assets.

Vulnerability Details

Solidity division is integer division, so precision loss can occur: the result is rounded down. For the `transferRoyalties` function this means that `buyerFee` and `driaFee` will be rounded down in most cases. In the cases where:

  • asset.price * asset.royaltyFee < 100

  • buyerFee * platformFee < 100

the fee(s) will be equal to 0. However, some ERC20 tokens revert on a transfer of 0, which means that the `transferRoyalties` function will revert.

Impact

As a result, certain combinations of price, royaltyFee and platformFee will not be possible, and the revert gives no clear explanation of why.

Tools Used

Manual Review

Recommendations

To fix this issue, perform these tasks:

  • When `buyerFee` is 0, don't perform any transfers, so that they cannot cause an unexpected revert.

  • Consider changing the base of the fee to a 1e4 or 1e5 base, giving more freedom for fee choice and less possibility for precision loss.
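The following Python model is an added example, not code from Swan.sol or from this submission. It reproduces the two floor divisions from the finding against a token that reverts on zero-value transfers, and generalizes the first recommendation by skipping any transfer whose amount is 0. The payout split, `StrictToken`, `ZeroTransferRevert` and `listing_reverts` are assumptions made for illustration.

```python
# Constructed model of the fee arithmetic; names other than the fee variables are hypothetical.
class ZeroTransferRevert(Exception):
    """Stands in for the revert of an ERC20 that rejects zero-value transfers."""

class StrictToken:
    """Hypothetical token model: reverts on transfer of 0, records everything else."""
    def __init__(self):
        self.sent = []

    def transfer(self, to, amount):
        if amount == 0:
            raise ZeroTransferRevert(f"transfer of 0 to {to}")
        self.sent.append((to, amount))

def fees(price, royalty_fee, platform_fee, base=100):
    """Floor division, as Solidity does; rates are in units of 1/base."""
    buyer_fee = price * royalty_fee // base
    dria_fee = buyer_fee * platform_fee // base
    return buyer_fee, dria_fee

def transfer_royalties(token, price, royalty_fee, platform_fee, base=100, guard=False):
    """Assumed payout split: buyer_fee - dria_fee to the buyer, dria_fee to the platform."""
    buyer_fee, dria_fee = fees(price, royalty_fee, platform_fee, base)
    for to, amount in (("buyer", buyer_fee - dria_fee), ("platform", dria_fee)):
        if guard and amount == 0:
            continue  # guarded variant: never issue a zero-value transfer
        token.transfer(to, amount)
    return buyer_fee, dria_fee

def listing_reverts(price, royalty_fee, platform_fee, **kwargs):
    """True if the modelled payout reverts for this parameter combination."""
    try:
        transfer_royalties(StrictToken(), price, royalty_fee, platform_fee, **kwargs)
    except ZeroTransferRevert:
        return True
    return False

if __name__ == "__main__":
    # Constructed inputs in the token's smallest unit: (price, royaltyFee, platformFee)
    for case in [(40, 2, 1), (1000, 5, 1), (1_000_000, 5, 1)]:
        print(case, fees(*case), "reverts:", listing_reverts(*case),
              "with guard:", listing_reverts(*case, guard=True))
```

Expressing the same rates in a 1e4 base (500 and 100 instead of 5 and 1) floors to the same amounts, so in this model it is the guard that removes the revert, while the wider base adds finer rate choices.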

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Rounding Issue in `Swan.sol::transferRoyalties` function
