Rounding Issue in Profit Distribution Leading to Unallocated Units
Summary
A rounding issue in the sendProfit() function results in unallocated profit due to Solidity's integer division behavior. When profit is distributed to DAO members, fractional components are discarded, which accumulates over time. This leads to a discrepancy between the total profit sent and the actual profit allocated to members, causing a cumulative loss in distributed profit for DAO members.
Vulnerability Details
In the sendProfit() function, profit is distributed per share using integer division. However, Solidity discards any fractional remainder in integer division, meaning that a portion of the profit intended for members remains unallocated within the contract.
The calculation (amount * ACCURACY) / _totalSupply determines the profit per share. Any remainder from this division is discarded, resulting in a rounding error that reduces the total profit allocated to members.
Example:
Assume amount = 10 and totalSupply = 8.
Expected allocation per share = 10 / 8 = 1.25.
Actual result from
(amount * ACCURACY) / _totalSupplyrounds down to 1 unit per share, leaving an unallocated fraction of 0.25 units per share in the contract.
Impact
The rounding issue causes a gradual accumulation of unallocated profit units in the contract. Over time, this leads to a cumulative loss for members as fractional profits are repeatedly lost with each profit distribution. This reduces the effective profit that members receive compared to the total profit intended for distribution, affecting fairness and transparency in the profit-sharing mechanism.
Tools Used
Manual code review
Recommendations
Consider tracking the cumulative unallocated fractions and redistributing them in future transactions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.