Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Precision loss due to integer truncation in BoostController::getBoostMultiplier function

Summary

The getBoostMultiplier function calculates a user's boost multiplier for a given pool based on their amount and returns it in basis points (where 10,000 basis points = 100%), but there are some cases for which we can anticipate some precision loss.

https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/governance/boost/BoostController.sol#L291

https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/governance/boost/BoostController.sol#L292

Vulnerability Details

If we use the maximum uint256 value, i.e. (2^256-1), for amount, then the following function will return 0.00000000025, as the base amount will be 4631683569492647816942839400347516314130799386625622561578303360316525185597400000000000000.

uint256 baseAmount = (userBoost.amount * 10000) / MAX_BOOST;
return userBoost.amount * 10000 / baseAmount;

Impact

The entire reward or incentive system could fail due to reverts.

Tools Used

Manual Review

Recommendations

Instead of 10,000, please replace it with 1e18 to avoid precision loss.

uint256 baseAmount = (userBoost.amount * 1e18) / MAX_BOOST;
if (baseAmount == 0) return MIN_BOOST; //for preventing division by zero
return (userBoost.amount * 1e18) / baseAmount;
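
Added example (not part of the submission or the RAAC code base): a Python model of the two snippets above under checked, truncating uint256 arithmetic, showing for which amounts each one returns a value and for which it would revert. It assumes Solidity 0.8-style overflow checks and the values MAX_BOOST = 25000 and MIN_BOOST = 10000, none of which are stated on this page; the helper names are hypothetical.

```python
# Added example: models the page's two snippets with checked uint256 math.
# Assumptions: Solidity >=0.8 overflow checks; MAX_BOOST / MIN_BOOST values.
UINT256_MAX = 2**256 - 1
MAX_BOOST = 25_000  # assumed value, basis points
MIN_BOOST = 10_000  # assumed value, basis points


class Panic(Exception):
    """Stands in for a Solidity Panic revert (0x11 overflow, 0x12 div by zero)."""


def mul(a: int, b: int) -> int:
    r = a * b
    if r > UINT256_MAX:
        raise Panic("0x11 arithmetic overflow")
    return r


def div(a: int, b: int) -> int:
    if b == 0:
        raise Panic("0x12 division by zero")
    return a // b  # truncates toward zero, like Solidity


def boost_original(amount: int) -> int:
    # The two lines quoted under "Vulnerability Details".
    base_amount = div(mul(amount, 10_000), MAX_BOOST)
    return div(mul(amount, 10_000), base_amount)


def boost_recommended(amount: int) -> int:
    # The three lines quoted under "Recommendations".
    base_amount = div(mul(amount, 10**18), MAX_BOOST)
    if base_amount == 0:
        return MIN_BOOST
    return div(mul(amount, 10**18), base_amount)


def outcome(fn, amount: int):
    """Return the computed value, or a 'revert ...' string if the call panics."""
    try:
        return fn(amount)
    except Panic as exc:
        return f"revert {exc}"


if __name__ == "__main__":
    # Constructed sample amounts: tiny, typical, and near the uint256 limit.
    for amt in [1, 3, 7, 10**18, UINT256_MAX // 10_000, UINT256_MAX]:
        print(amt, outcome(boost_original, amt), outcome(boost_recommended, amt))
```

With the 1e18 scale the intermediate product overflows at much smaller amounts than with 10,000, so a change of scale should be checked against the largest amount the contract can actually hold.
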
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
