Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

`MarketCreator.sol::calculateReward` Reward manipulation due to rounding issue

Summary

A rounding issue in the `calculateReward` function causes the calculated rewards to return zero for small depositors when the attacker deposits a large amount. This way the attacker denies the rewards to the small depositors.

Vulnerability Details

```solidity
function calculateReward(uint256 marketId, uint256 amount) internal view returns (uint256) {
    Market storage market = markets[marketId];
@>  return (amount * market.reward) / market.totalDeposits;
}
```

Impact

Assuming:

market.totalDeposits = 4000
market.reward = MAX_REWARD = 1000
user deposits = 20 tokens

```solidity
(amount * market.reward) / market.totalDeposits; // (20*1000)/4000 = 5 (Expected)
```

Now the attacker deposits 20,000 tokens, increasing market.totalDeposits to 24,000.

```solidity
(amount * market.reward) / market.totalDeposits; // (20*1000)/24000 = 0 (rounds down to 0)
```

The attacker is now manipulating the rewards and the user gets zero rewards.

Tools Used

Recommendations

Modify the formula using precision scaling to avoid rounding.

```solidity
uint256 PRECISION = 1e18;
return (amount * market.reward * PRECISION) / market.totalDeposits / PRECISION;
```
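
The arithmetic from the Impact and Recommendations sections, worked through as an added example (not part of the submission or the project's code). It models Solidity's truncating `uint256` division with Python's `//` and compares the original formula, the recommended formula, and a variant that keeps the result scaled by `PRECISION`; the names `reward_scaled` and `min_nonzero_deposit` are hypothetical.

```python
# Added example: models Solidity uint256 arithmetic, where "/" truncates.
# Python's // on non-negative ints gives the same result.

PRECISION = 10**18  # same scale factor as the Recommendations snippet


def reward_original(amount, reward, total_deposits):
    """(amount * market.reward) / market.totalDeposits, as in calculateReward."""
    return (amount * reward) // total_deposits


def reward_recommended(amount, reward, total_deposits):
    """The Recommendations formula: scale up, divide, scale back down."""
    return (amount * reward * PRECISION) // total_deposits // PRECISION


def reward_scaled(amount, reward, total_deposits):
    """Hypothetical variant: return the value still scaled by PRECISION.
    The caller must account in 1e18 units and divide only at payout."""
    return (amount * reward * PRECISION) // total_deposits


def compare(amount, reward, total_deposits):
    """Evaluate all three formulas on the same inputs."""
    return {
        "original": reward_original(amount, reward, total_deposits),
        "recommended": reward_recommended(amount, reward, total_deposits),
        "scaled": reward_scaled(amount, reward, total_deposits),
    }


def min_nonzero_deposit(reward, total_deposits):
    """Smallest amount for which the original formula returns at least 1,
    i.e. ceil(total_deposits / reward)."""
    return -(-total_deposits // reward)


if __name__ == "__main__":
    # Numbers from the Impact section (chosen by the submission, not on-chain data).
    for total in (4000, 24000):
        print(total, compare(20, 1000, total), min_nonzero_deposit(1000, total))
```

Dividing by `PRECISION` inside the same expression truncates to the same integer as the unscaled formula, so only a value that stays scaled until payout retains the fractional reward.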
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
