Issue is Integer Division Truncation happening in `buyOutEstateNFT` function.Solidity performs integer division, any remainder from value / divisor is truncated, which can cause precision loss when multiplied by multiplier.
Summary
The expression:
uint256 finalAmount = (value / divisor) * multiplier; in the contract InheritanceManager::buyOutEstateNFT
is vulnerable to precision loss due to Solidity’s integer division behavior. Since Solidity truncates decimals in division, any remainder from value / divisor is discarded before multiplying by multiplier. This can result in incorrect fund distribution, rounding errors, or unintended discrepancies in calculations.
Vulnerability Details
The expression:
uint256 finalAmount = (value / divisor) * multiplier; in the contract InheritanceManager::buyOutEstateNFT
is vulnerable to precision loss due to Solidity’s integer division behavior. Since Solidity truncates decimals in division, any remainder from value / divisor is discarded before multiplying by multiplier. This can result in incorrect fund distribution, rounding errors, or unintended discrepancies in calculations.
Impact
The contract might underpay or overpay and The error accumulates when dealing with large sums or multiple transactions.consider an example where it breaks
Tools Used
Recommendations
A better approach would be multiplication First to Avoid Precision Loss.uint256 finalAmount = (value * multiplier) / divisor;
more accurate than the original approach.
orginal approach - uint256 finalAmount = (value / divisor) * multiplier;
After refactor - uint256 finalAmount = (value * multiplier) / divisor;
Lead Judging Commences
buyOutNFT has wrong denominator
truncation of integers
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.