Core Contracts

Summary

The StabilityPool.sol contract contains a subtle precision loss issue when performing division-based calculations involving token balances. Due to Solidity’s integer division rounding behavior, certain computations may result in minor precision loss, leading to small discrepancies in user balances or protocol accounting. This issue is extremely difficult to detect manually, as it does not trigger immediate errors but accumulates over time.

Vulnerability Details

• Issue:

  • Solidity performs integer division where decimals are truncated.

  • If division-based calculations are used for proportional fund distributions, rewards, or user share calculations, small precision losses accumulate over time.

• Original Code (Simplified Representation):

• Problem:

  • If totalReward * userShare results in a value that is not perfectly divisible by totalShares, Solidity rounds down the result.

  • This leads to tiny but cumulative losses, where users collectively receive slightly less than totalReward, and the contract may accumulate unallocated tokens over time.

Impact

• Minor Financial Discrepancies: Affected users might receive slightly fewer tokens than expected.

• Unclaimed Funds Accumulation: The contract may build up small amounts of "lost" funds.

• Long-Term Drift: In large-scale systems, this can cause protocol-wide accounting mismatches.

Tool Used

• Static Code Analysis: Detected integer division in financial calculations.

• Simulations: Observed discrepancies in user balances over multiple transactions.

Recommendations

• Fix: Use rounding-safe math functions to avoid truncation errors.

• Enhancement: Introduce a compensation mechanism to distribute residual amounts fairly.

• Audit: Review all division operations affecting balances.

Updated Code

Explainations

• Math.mulDiv() from OpenZeppelin ensures proper rounding instead of truncation.

• Eliminates rounding drift by correctly allocating 100% of rewards.