The profit calculation methods in the functions getUnsaved & saveProfit result in user profit loss.
Summary
The profit calculation methods in the functions getUnsaved & saveProfit result in user profit loss.
Vulnerability Details
In the file MembershipERC.sol, the function claimProfit is used to calculate profit and send the profit to the user. The specific profit calculation method is implemented in the function saveProfit(line 182).
Now, let's assume we call the claimProfit function to withdraw profit. We can see that the profit consists of two parts: one part is savedProfit[account], and the other part is unsaved. When the saveProfit function is executed, there is a scenario where, due to the precision limitation in the getUnsaved function ( profit / ACCURACY), it returns 0, while savedProfit[account] is not 0. In this case, the saveProfit function will save lastProfit as the basis for the next profit withdrawal, and claimProfit will normally return and send the user the profit value of savedProfit[account].
However, the issue is that even though the getUnsaved function returns 0, this is due to the profit (totalProfit - lastProfit[account]) * shareOf(account) not being sufficient to meet the ACCURACY precision requirement. As a result, this portion of the profit that does not meet the precision requirement is ignored because the saveProfit function executes lastProfit[account] = totalProfit. This means that each time the claimProfit function is executed, a portion of the profit that does not meet the ACCURACY requirement is lost.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.