A precision loss vulnerability exists in the _handleTie
function due to improper handling of integer division in Solidity. Specifically, when refunding ETH to players after a draw, the contract performs a division that may result in a remainder. This leads to permanent loss (or lock-up) of funds within the contract and disrupts financial accuracy
Solidity performs integer division with truncation toward zero. If (totalPot - fee)
is an odd number, 1 wei will remain unallocated, leading to:
Example:
totalPot = 101 wei
→ fee = 10 wei
(10%)
101 - 10 = 91 wei
→ 91 / 2 = 45 wei
(per player)
Result: Players get 90 wei total (1 wei locked forever)
permanent loss of funds
manual, foundry
Update the refund logic to handle division remainders:
This ensures all wei are accounted for, and no ETH is unintentionally trapped.
The tie-handling logic loses one wei due to integer division
The tie-handling logic loses one wei due to integer division
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.