uses a dangerous strict equality `SpookySwap::trickOrTreat`
Summary
While strict equality (===) might seem intuitive for checking balances, it's not suitable for financial calculations due to precision issues, rounding errors, and potential security vulnerabilities. Using non-strict comparisons like >= or <= is generally safer and more flexible when dealing with Ether or token balances in smart contracts.
so Don't use strict equality to determine if an account has enough Ether or tokens.
Vulnerability Details
When dealing with Ether or tokens, we're typically working with decimal values. However, Ethereum stores all values as integers. This means that even small fractions of a unit can cause precision loss when compared using strict equality.
Due to the nature of floating-point arithmetic (even though Ethereum uses integer arithmetic), small rounding differences can occur. These differences can cause strict equality checks to fail, even when the amounts are practically equivalent.
Impact
Financial calculations often involve decimal places, which can lead to precision loss when using integer comparisons ,Small rounding differences can cause strict equality checks to fail even when the amounts are practically equivalent.
Tools Used
Slither,AI
Recommendations
Instead of using strict equality, it's generally better to use greater-than-or-equal-to (>=) or less-than-or-equal-to (<=) comparisons. These allow for some flexibility in the comparison while still maintaining the desired logic
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.