Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: low
Valid

Rounding issue in the `Swan.sol::transferRoyalties` function: the buyerFee calculation loses a small amount of precision

Vulnerability Details:

The rounding issue occurs in the buyerFee calculation. Any fractional result of the calculation is truncated (rounded down) rather than rounded mathematically.
For example, if the calculation results in 3,300.33, it will be stored as 3,300 because Solidity only stores whole numbers.

buyerFee = (asset.price * asset.royaltyFee) / 100;

IMPACT : LOW

LIKELIHOOD : MEDIUM

POC :

asset.price = 10,001

asset.royaltyFee = 33

Calculation:

Multiply: 10,001 * 33 = 330,033

Divide: 330,033 / 100 = 3,300.33

Due to integer division, buyerFee is stored as 3,300, which is a loss of 0.33.

Impact

While a discrepancy of 0.33 per transaction might seem small at first glance, it can add up quickly over many transactions. When you multiply that tiny shortfall across hundreds or thousands of sales, it can result in a substantial loss, ultimately impacting the overall revenue significantly.
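
The truncation described above, modelled with JavaScript BigInt, whose division discards the fractional part in the same way as Solidity's unsigned integer division. This is an added example, not code from Swan or from the submission; the function names and every sample sale other than the 10,001 / 33 case are constructed.

```javascript
// Added example. BigInt division truncates, matching Solidity uint256 division.
const PERCENT = 100n;

// The calculation quoted in the finding: floor division.
function feeFloor(price, royaltyFee) {
  return (price * royaltyFee) / PERCENT;
}

// What floor division discards, expressed in hundredths of one unit.
function feeRemainder(price, royaltyFee) {
  return (price * royaltyFee) % PERCENT;
}

// Ceiling division: adds one unit whenever the remainder is non-zero.
function feeCeil(price, royaltyFee) {
  return (price * royaltyFee + PERCENT - 1n) / PERCENT;
}

// Totals both roundings over a batch of sales and counts the truncated ones.
function summarize(sales) {
  let floorTotal = 0n, ceilTotal = 0n, lostHundredths = 0n, truncated = 0n;
  for (const { price, royaltyFee } of sales) {
    const rem = feeRemainder(price, royaltyFee);
    floorTotal += feeFloor(price, royaltyFee);
    ceilTotal += feeCeil(price, royaltyFee);
    lostHundredths += rem;
    if (rem !== 0n) truncated += 1n;
  }
  return { floorTotal, ceilTotal, lostHundredths, truncated };
}

// Constructed sample input; the first entry is the finding's own example.
const SAMPLE_SALES = [
  { price: 10001n, royaltyFee: 33n }, // 330,033 / 100 -> 3,300 remainder 33
  { price: 10000n, royaltyFee: 33n }, // divides exactly, nothing lost
  { price: 999n, royaltyFee: 25n },   // 24,975 / 100 -> 249 remainder 75
  { price: 1n, royaltyFee: 1n },      // fee truncates to zero
];

console.log(summarize(SAMPLE_SALES));
```

The two totals differ by exactly one unit per truncated sale, so `ceilTotal - floorTotal` equals `truncated`.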

Tools Used

School Maths

Recommendations

Use rounding up when calculating buyerFee:

- uint256 buyerFee = (asset.price * asset.royaltyFee) / 100;
+ uint256 buyerFee = (asset.price * asset.royaltyFee * 100) / 10_000;
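Review bot: The `+` line does not round up. Multiplying the numerator by 100 and dividing by 10_000 gives the same quotient as dividing by 100, so for the report's own example (10,001 and 33) it computes 33,003,300 / 10,000 and still stores 3,300. It also makes the intermediate product 100 times larger before the division without gaining any precision. To match the stated recommendation, use ceiling division, for example `(asset.price * asset.royaltyFee + 99) / 100`, which returns 3,301 for the same inputs and leaves exact results unchanged.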
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Rounding Issue in `Swan.sol::transferRoyalties` function
