The formula relies on integer division, which truncates any fractional result. In cases where the numerator is not evenly divisible by the denominator (10000), precision loss will occur. This loss of precision can lead to underpayment or overpayment of calculated fees (feePerLP), particularly when handling small values or edge cases.
The vulnerable code is here:
An example:
For localData.lpTokenDepositValueChange = 12345 and upliftFeeBps = 7, the calculation:
yields:
Numerator: 12345 * 7 * 1e18 = 8.6415e22
Result (integer division): 8.6415e18
The truncation of fractional parts leads to a minor but potentially exploitable discrepancy.
Manual code review.
Reorder operations to multiply before dividing to preserve precision for as long as possible.
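An added example, not code from the report or the audited project: it measures what truncating division discards for the report's sample values and contrasts multiply-first with divide-first ordering. The formula `(value_change * fee_bps * 1e18) / 10000` is an assumption reconstructed from the numerator and denominator stated above, and all function names are hypothetical.

```python
# Added example. Python integers stand in for Solidity uint256 values;
# overflow is not modelled, only truncating division.
WAD = 10**18        # 1e18 scaling factor from the numerator in the report
BPS_DENOM = 10_000  # denominator named in the report


def fee_multiply_first(value_change: int, fee_bps: int):
    """Assumed formula: (value_change * fee_bps * 1e18) / 10000.

    Returns (quotient, remainder), where remainder is the part of the
    numerator that truncating division throws away.
    """
    numerator = value_change * fee_bps * WAD
    return divmod(numerator, BPS_DENOM)


def fee_divide_first(value_change: int, fee_bps: int) -> int:
    """Contrast ordering: divide by 10000 before applying the 1e18 scale."""
    return (value_change * fee_bps // BPS_DENOM) * WAD


def truncation_report(value_change: int, fee_bps: int) -> dict:
    """Compare both orderings for one input pair."""
    quotient, remainder = fee_multiply_first(value_change, fee_bps)
    early = fee_divide_first(value_change, fee_bps)
    return {
        "multiply_first": quotient,
        "remainder": remainder,
        "divide_first": early,
        "lost_by_dividing_first": quotient - early,
    }


def max_remainder(values, bps_values) -> int:
    """Largest discarded remainder over a grid of (constructed) inputs."""
    return max(
        fee_multiply_first(v, b)[1] for v in values for b in bps_values
    )


if __name__ == "__main__":
    # Sample values taken from the report: 12345 and 7 bps.
    print(truncation_report(12345, 7))
    # Constructed grid of small inputs to probe the edge cases.
    print(max_remainder(range(1, 200), range(1, 100)))
```

The remainder field is the quantity to check when assessing a truncation claim: it is the exact amount, in 1e18-scaled units, that the division drops for a given input.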
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.