Division Precision Loss in PlaceBid
Division Precision Loss in PlaceBid
Description
When a new bidder calls the function PlaceBid, the function will check if the bidding amount is bigger than the previous bidding. but on top of that, the protocol adds a 5% incremental percentage; this means the next bidder will need to have a bid amount higher than previousBid + 5%. It calculates in the following line:
Solidity use Fixed Point Arithmetic, that mean it doesn't support decimal value.
As a result, any non-integer value is truncated downward.
Risk
This characteristic of Solidity can lead to precision loss during numerical operations, especially when division is performed before multiplication, adversely affecting the accuracy of calculations. (https://lab.guardianaudits.com/encyclopedia-of-common-solidity-bugs/division-precision-loss)
Recommended Mitigation
The recommended approach is to perform the multiplication before the division :
Lead Judging Commences
BidBeast Marketplace: Unrestricted FailedCredits Withdrawal
withdrawAllFailedCredits allows any user to withdraw another account’s failed transfer credits due to improper use of msg.sender instead of _receiver for balance reset and transfer.
Appeal created
BidBeasts Marketplace: Integer Division Precision Loss
Integer division in requiredAmount truncates fractions, allowing bids slightly lower than intended.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.