Precision loss in integer division in the `MembershipFactory::joinDao` function
Summary
There is a precision loss issue in the calculation of platform fees due to integer division, which results in rounding errors. Division between integers discards any fractional component, leading to a potential under-calculation of platform fees when they should include fractional values. This issue may cause a minor discrepancy in the fees transferred, leading to inaccuracies in fee distribution over time.
Vulnerability Details
For instance, if tierPrice is set to 101, then
(20 * 101) / 100
would ideally yield 20.2. However, this calculation results in 20, not 20.2, causing a loss of precision. This discrepancy is magnified as tierPrice increases, leading to an accumulated error over many transactions.
Impact
The impact of this issue is a minor financial discrepancy. In cases where fractional fees are not rounded up, the DAO receives slightly less than intended. While this may not be significant in a single transaction, it can lead to cumulative losses for the DAO and slightly favor the user when many transactions are processed.
Tools Used
Manual review
Solidity compiler
Recommendations
For applications where even minor rounding discrepancies need to be avoided, consider using a fixed-point math library like ABDKMath or FixedPointMathLib from Solmate.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.