Summary

There is a minor precision loss issue in the buyOutEstateNFT() function due to performing division before multiplication in the calculation of the finalAmount.

Vulnerability Details

Affected code:

• buyOutEstateNFT()

In the formula for calculating the finalAmount, the contract first divides the value by the number of beneficiaries and then multiplies by the multiplier. This can result in a slight precision loss due to the nature of division in Solidity.

uint256 finalAmount = (value / divisor) * multiplier;

Since division truncates the result (removes decimals), the multiplication step later does not fully recover this lost precision, potentially resulting in a small discrepancy in the final amount.

Impact

While this issue results in a small precision loss, its actual impact on the contract's functionality is minimal because:

• The value of the estate is likely to be much higher than typical values that would be affected by this loss.

• The loss in precision would be very small (typically fractions of a token).

• Even if a token with less decimals like GUSD (Gemini Dollar) is used the value of the NFT should be very low which is highly unlikely but not impossible.

• There is no financial loss, and the system still functions as intended, albeit with slight inaccuracies in the final amounts being transferred.

Tools Used

• Manual review

Recommendations

To avoid this issue, consider switching the order of operations, performing multiplication first and then division. While this isn't a critical issue, it is good practice to handle division and multiplication in a way that minimizes potential precision loss. Always multiplication before division.