Solidity performs all arithmetic operations using integers. When a division operation yields a non-integer result, the fractional part is discarded (truncated). This behavior can lead to underestimations in calculated values.
If totalPot is 3 wei and PROTOCOL_FEE_PERCENT is 33, then:
fee = (3 * 33) / 100 = 0.99 → truncated to 0 wei
prize = 3 - 0 = 3 wei
In this case, the intended fee is lost due to truncation.
Real-World Implications: Such precision loss can be exploited. For instance, an attacker could repeatedly initiate transactions with amounts calculated to result in zero fees due to truncation, effectively bypassing fee mechanisms.
1. Economic Loss: Accrued fees may be significantly lower than intended, leading to revenue losses for contract owners or platforms.
2. Incentive Misalignment: Users might be incentivized to engage in behaviors that exploit the precision loss, such as creating numerous small transactions to avoid fees.
Tools Used: Manual Review
Ensure that a minimum fee is enforced to prevent zero-fee scenarios.
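One way to enforce that minimum, shown as an added example that is not the audited contract's code: the truncating calculation from the finding beside a round-up variant that charges at least 1 wei on any non-zero pot. The contract name FeeMathExample and its function names are hypothetical; only totalPot and PROTOCOL_FEE_PERCENT come from the finding, and rounding in the protocol's favour is an assumed design choice.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration. FeeMathExample and its function names are hypothetical;
/// totalPot and PROTOCOL_FEE_PERCENT are the names used in the finding.
contract FeeMathExample {
    uint256 public constant PROTOCOL_FEE_PERCENT = 33;

    /// Truncating form described in the finding.
    /// feeTruncated(3) == 0, because (3 * 33) / 100 rounds 0.99 down to 0.
    function feeTruncated(uint256 totalPot) public pure returns (uint256) {
        return (totalPot * PROTOCOL_FEE_PERCENT) / 100;
    }

    /// Hardened form: round the fee up instead of down.
    /// ceil(a / b) == (a + b - 1) / b for b > 0, so any non-zero pot
    /// yields a fee of at least 1 wei. feeRoundedUp(3) == 1.
    function feeRoundedUp(uint256 totalPot) public pure returns (uint256) {
        if (totalPot == 0) {
            return 0; // nothing to charge on an empty pot
        }
        // Checked arithmetic in 0.8.x reverts on overflow of the product.
        return (totalPot * PROTOCOL_FEE_PERCENT + 99) / 100;
    }

    /// Split a pot into fee and prize using the hardened fee.
    /// The fee never exceeds totalPot because PROTOCOL_FEE_PERCENT <= 100,
    /// so the subtraction cannot underflow. split(3) == (1, 2).
    function split(uint256 totalPot)
        public
        pure
        returns (uint256 fee, uint256 prize)
    {
        fee = feeRoundedUp(totalPot);
        prize = totalPot - fee;
    }
}
```

Rounding up shifts the sub-wei remainder from the protocol to the payer, so fee plus prize still equals totalPot and no wei is left unaccounted for.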
The tie-handling logic loses one wei due to integer division