ZENO tokens can be bought at auction for less price than intended
Summary
The getPrice() function is prone to integer division round down. This can cause a situation where ZENO tokens are sold for less than their value
Vulnerability Details
ZENO auction accept stablecoin as payment, it means any round down is a fraction of a dollar lost. For example 8.33 round down to 0.33 is 33 cents lost.
The function formula decrease the price over time using a linear decrease formula. The problem is this formula can indeed round the price down.
Assume the following parameters:
state.startingPrice = 100 tokens
state.reservePrice = 50 tokens
state.startTime = 1,700,000,000 (Unix timestamp)
state.endTime = 1,700,000,600 (600 seconds later)
At a current time
Calculate the elapsed time:
Calculate the total auction duration:
Determine the total price decrease:
Calculate the price reduction so far:
Since Solidity performs integer division, this value is truncated to 8 tokens.
Compute the current price:
Note: Due to integer division in Solidity, the price reduction is rounded down, resulting in a slightly lower price than the exact mathematical value.
Impact
ZENO tokens can be bought for slightly lower prices than intended
Tools Used
Manual review
Recommendations
The getPrice() function should round the price up in protocol favor.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.