Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Swan will receives less fee due to rounding error

745fe9f9c2

Summary

Swan will receives less fee due to rounding

Vulnerability Details

In Solidity, the expression uint256 buyerFee = (asset.price * asset.royaltyFee) / 100; calculates a percentage fee but is subject to "rounding down" errors due to integer division. Since Solidity's uint256 type only supports whole numbers, any fraction in the division is truncated, potentially making the calculated buyerFee slightly less than the true intended percentage.

For example, if asset.price * asset.royaltyFee equals 999, dividing by 100 would result in 9 instead of 9.99, as the decimal part is discarded. This can cause minor discrepancies that accumulate over multiple transactions, leading to slightly inaccurate fee calculations.

function transferRoyalties(AssetListing storage asset) internal {
// calculate fees
//@audit loss of fee due to rounding
uint256 buyerFee = (asset.price * asset.royaltyFee) / 100;
uint256 driaFee = (buyerFee * getCurrentMarketParameters().platformFee) / 100;
// first, Swan receives the entire fee from seller
// this allows only one approval from the seller's side
token.transferFrom(asset.seller, address(this), buyerFee);
// send the buyer's portion to them
token.transfer(asset.buyer, buyerFee - driaFee);
// then it sends the remaining to Swan owner
token.transfer(owner(), driaFee);
}

Impact

loss of funds

Tools Used

Manual Review

Recommendations

Modify the transferRoyalties function to round up the required fee amount

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Rounding Issue in `Swan.sol::transferRoyalties` function

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.