Incorrect calculation for the payment amount in buyOutEstateNFT
Summary
The buyOutEstateNFT function in the InheritanceManager contract contains an incorrect calculation for the payment amount when a beneficiary buys out an NFT representing a real-world asset. The calculation uses integer division before multiplication, which leads to rounding errors and incorrect payouts to beneficiaries.
Vulnerability Details
The issue arises because the calculation (value / divisor) * multiplier performs integer division before multiplication. This results in loss of precision due to rounding down during the division step. For example:
This rounding error causes beneficiaries to receive less than their fair share.
Impact
Beneficiaries receive incorrect amounts due to rounding errors, leading to unfair payouts.
Tools Used
Manual code review
Recommendations
To fix the issue, the calculation should be adjusted to perform multiplication before division to minimize rounding errors
Lead Judging Commences
buyOutNFT has wrong denominator
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.