Rock Paper Scissors

First Flight #38
Beginner Friendly
Solidity
100 EXP
Submission Details
Severity: low
Valid

ETH Dust Accumulation Due to Rounding

Summary

ETH Dust Accumulation Due to Rounding

Vulnerability Details

When a tie is handled in an ETH game and the pot remaining after the fee is not evenly divisible between the two players, the contract permanently retains the leftover dust:

// In _handleTie() function
uint256 totalPot = game.bet * 2;
uint256 fee = (totalPot * PROTOCOL_FEE_PERCENT) / 100;
uint256 refundPerPlayer = (totalPot - fee) / 2;

Impact

Low. Small amounts of ETH will be permanently trapped in the contract with no mechanism to extract them. Over many games with odd bet amounts, this dust will accumulate.

Proof of Concept

For a bet of 105 wei:

  • Total pot = 210 wei

  • Fee (10%) = 21 wei

  • Remaining = 189 wei

  • Each player gets 94 wei (due to integer division)

  • Result: 1 wei is trapped permanently

Tools Used

  • Manual code review

Recommendations

Include a mechanism to account for rounding errors:

uint256 totalPot = game.bet * 2;
uint256 fee = (totalPot * PROTOCOL_FEE_PERCENT) / 100;
uint256 remainingPot = totalPot - fee;
uint256 refundPerPlayer = remainingPot / 2;
uint256 dustAmount = remainingPot - (refundPerPlayer * 2);
// Add dust to fees
if (dustAmount > 0) {
    accumulatedFees += dustAmount;
}
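
An added example, not code from the submission or the audited contract: a Python model of the tie arithmetic (integer floor division behaves like Solidity's unsigned division) that reproduces the 105 wei proof of concept and checks that the recommended change leaves no wei unaccounted. The function names, the sample bet ranges, and the assumption that the fee itself is booked for withdrawal are constructed for illustration.

```python
PROTOCOL_FEE_PERCENT = 10  # fee rate used in the report's proof of concept


def settle_tie_original(bet: int) -> dict:
    """Tie settlement as quoted from _handleTie(); all values in wei."""
    total_pot = bet * 2
    fee = (total_pot * PROTOCOL_FEE_PERCENT) // 100   # Solidity '/' truncates
    refund = (total_pot - fee) // 2
    # Assumption: the fee is tracked for withdrawal; any other remainder is stranded.
    return {"refund": refund, "fees": fee, "stranded": total_pot - fee - 2 * refund}


def settle_tie_fixed(bet: int) -> dict:
    """Tie settlement with the recommended dust accounting."""
    total_pot = bet * 2
    fee = (total_pot * PROTOCOL_FEE_PERCENT) // 100
    remaining = total_pot - fee
    refund = remaining // 2
    dust = remaining - refund * 2
    fees = fee + dust                                  # accumulatedFees += dustAmount
    return {"refund": refund, "fees": fees, "stranded": total_pot - fees - 2 * refund}


def leaking_bets(settle, bets) -> list:
    """Bets for which a tie leaves wei that is neither refunded nor booked as fees."""
    return [b for b in bets if settle(b)["stranded"] > 0]


def total_stranded(settle, bets) -> int:
    """Sum of stranded wei if every bet in `bets` ends in one tie."""
    return sum(settle(b)["stranded"] for b in bets)


if __name__ == "__main__":
    bets = range(1, 101)  # constructed sample of bet sizes, in wei
    print("105 wei tie, original:", settle_tie_original(105))
    print("105 wei tie, fixed:   ", settle_tie_fixed(105))
    print("leaking bets 1..20:", leaking_bets(settle_tie_original, range(1, 21)))
    print("stranded over 1..100:", total_stranded(settle_tie_original, bets))
    assert total_stranded(settle_tie_fixed, bets) == 0
```
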

Updates

Appeal created

m3dython Lead Judge 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Rounding Error

The tie-handling logic loses one wei due to integer division
