Unchecked Math Precision Loss inside the `VestedAirdrop::_calculate_vested_amount` function.
Description: In the _calculate_vested_amount function, the calculation (linear_vesting * elapsed) // vesting_duration can result in precision loss, especially for small values of elapsed relative to vesting_duration. This can lead to users receiving fewer tokens than they should during the early stages of vesting.
Line 150:
Impact: Users might receive fewer tokens than expected during the early phases of the vesting period. In extreme cases with very small token amounts, this could result in users receiving no tokens until a significant portion of the vesting period has elapsed.
Proof of Concept: Assume linear_vesting = 69 and vesting_duration = 365 days:
If
elapsed = 1 day, the calculation becomes(69 * 1) // 365 = 0The user would receive nothing from the linear vesting portion until enough days have passed
Recommended Mitigation: Use a higher precision calculation by scaling up before division:
Or consider using a library for fixed-point arithmetic to handle these calculations with greater precision.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.