Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Precision Loss in InheritanceManager::buyOutEstateNFT Due to Incorrect Order of Operations

olayinkablexxy

Summary

The InheritanceManager::buyOutEstateNFT function performs division before multiplication when calculating finalAmount. This leads to precision loss due to truncation in Solidity, as division operations discard fractional results. As a result, the calculated finalAmount may be less than the intended value, leading to incorrect payments and potential loss of funds for beneficiaries.

Vulnerability Details

Impact

Loss of funds as the beneficiaries will receive less than their fair share due to the truncation error.

Tools Used

  • Manual Review

Recommendations

Perform the multiplication first before division. This ensures that the intermediate result retains as much precision as possible before truncation occurs.

function buyOutEstateNFT(uint256 _nftID) external onlyBeneficiaryWithIsInherited {
uint256 value = nftValue[_nftID];
uint256 divisor = beneficiaries.length;
uint256 multiplier = beneficiaries.length - 1;
- uint256 finalAmount = (value / divisor) * multiplier;
+ uint256 finalAmount = (value * multiplier) / divisor;
IERC20(assetToPay).safeTransferFrom(msg.sender, address(this), finalAmount);
...
...
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

truncation of integers

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.