Summary

There is a potential precision issue in the profit calculation system due to the use of an ACCURACY factor, which could lead to discrepancies over time, especially when dealing with large amounts.

Finding Description

The contract uses the totalProfit and lastProfit mappings to track the profits for each user. To scale profits proportionally, the system uses an ACCURACY factor (1e30). However, floating-point operations in Ethereum smart contracts can lead to precision errors, especially in scenarios where the totalProfit increases significantly or with a large number of users. These errors might result in inaccurate profit shares for token holders over time.

This bug affects the contract’s ability to maintain an accurate representation of each user’s share of profits, thus breaking the consistency security guarantee, as users could receive incorrect or reduced profit distributions.

Vulnerability Details

The profit calculation relies on multiplying the profit by a large ACCURACY factor (1e30) and dividing by the total supply. This could lead to rounding errors or imprecise calculations when profits are distributed among many users, especially with high totalProfit values or very small balances. These inaccuracies could compound over time, leading to incorrect profit claims by users.

Security guarantees broken:

• Consistency: Incorrect profit distribution due to rounding or precision errors.

• Correctness: Users may not receive the correct amount of profit they are entitled to.

Impact

If this issue is exploited, it could result in users receiving an inaccurate share of profits, which could undermine trust in the system, especially in a DAO or profit-sharing environment. Over time, the issue may compound, leading to substantial financial discrepancies, which could affect the integrity of the contract and potentially be exploited maliciously in certain edge cases (e.g., large numbers of tokens or high profit transfers).

Proof of Concept

The issue occurs when the system calculates profits as shown in the getUnsaved() and saveProfit() functions, which use the following logic:

When totalProfit becomes large or small, the resulting profit might not be proportional due to rounding errors.

Example:

• If totalProfit is 1e60, the calculation might result in rounding errors that distort the profit calculation for users.

Recommendations

To fix the issue, ensure that the precision used in profit calculations remains intact by utilizing a more robust scaling approach. You could use a higher-precision library or refactor the calculations to avoid overflow or rounding errors.

Fix 1:

Instead of relying on an arbitrarily large ACCURACY factor, consider using a library like SafeMath or FixedPoint for more precise arithmetic handling.

Fixed Code Snippet:

Replace the ACCURACY system with a more precise calculation or use a fixed-point arithmetic library like OpenZeppelin's SafeMath to handle divisions and multiplications safely.

Fix 2:

Ensure that profit distribution happens with a consistent scaling factor, and avoid using ACCURACY values that could overflow when handling large profit amounts.

File Location:

MembershipERC1155.sol

This format provides a clear, detailed explanation of the issue and its impact, while offering practical recommendations for fixing it.