Bid Beasts

First Flight #49
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: medium
Valid

Precision loss in fee calculation in `_executeSale()`

Impact: Minor rounding errors in fee calculation; seller or marketplace may lose/overpay small fractions of ETH. (Severity: Low)

Likelihood: Low. Occurs only for bids where `(bid.amount * S_FEE_PERCENTAGE) % 100 != 0`.

Scope (affected files):

  • src/BidBeastsNFTMarket.sol (function: _executeSale())


Description (Root + Impact)

Normal behaviour:
Fee calculation should accurately deduct the marketplace fee from the winning bid.

Issue:
Currently, the fee is calculated as:

```solidity
uint256 fee = (bid.amount * S_FEE_PERCENTAGE) / 100; //@audit precision loss
```

  • Solidity integer division truncates any remainder.

  • This can lead to tiny rounding errors, especially for non-whole-number ETH amounts.

Impact:

  • Seller may receive slightly less than expected.

  • Marketplace may collect slightly less in fees.

  • Mostly low-severity but could add up in high-volume markets.


Proof of Concept

```solidity
// Example:
uint256 bidAmount = 1 wei;
uint256 fee = (bidAmount * 5) / 100; // results in 0 due to truncation
// Seller receives 1 - 0 = 1 wei (fee under-collected)
```
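The truncation can be bounded with a Foundry fuzz test that compares the audited expression, the three-argument `Math.mulDiv`, and a round-up variant. This is an added example, not code from the BidBeasts repository or from the submission; `FeeRoundingTest`, `feeFloor`, `feeCeil` and `FEE_PERCENTAGE = 5` (the value used in the PoC) are assumptions, as is the OpenZeppelin import path.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
// Assumes the usual OpenZeppelin remapping is configured in the project.
import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";

// Added example, not BidBeasts code.
contract FeeRoundingTest is Test {
    // Assumption: 5 is the percentage used in the PoC, standing in for S_FEE_PERCENTAGE.
    uint256 internal constant FEE_PERCENTAGE = 5;

    // Same expression as the audited line: the remainder is discarded.
    function feeFloor(uint256 amount) internal pure returns (uint256) {
        return (amount * FEE_PERCENTAGE) / 100;
    }

    // Rounds up instead, so a non-zero remainder costs the payer 1 extra wei.
    function feeCeil(uint256 amount) internal pure returns (uint256) {
        return (amount * FEE_PERCENTAGE + 99) / 100;
    }

    function test_OneWeiBid() public {
        assertEq(feeFloor(1 wei), 0);
        // The three-argument mulDiv also returns the floor.
        assertEq(Math.mulDiv(1 wei, FEE_PERCENTAGE, 100), 0);
        assertEq(feeCeil(1 wei), 1);
    }

    function testFuzz_RoundingBounds(uint256 amount) public {
        // Bound the input so amount * FEE_PERCENTAGE + 99 cannot overflow uint256.
        amount = bound(amount, 0, type(uint128).max);
        uint256 floorFee = feeFloor(amount);
        bool exact = (amount * FEE_PERCENTAGE) % 100 == 0;

        // mulDiv widens the intermediate product; it does not change the rounding.
        assertEq(Math.mulDiv(amount, FEE_PERCENTAGE, 100), floorFee);
        // Floor and ceil agree when there is no remainder and differ by exactly 1 wei otherwise.
        assertEq(feeCeil(amount) - floorFee, exact ? uint256(0) : uint256(1));
        // The truncated part is always smaller than 1 wei.
        assertLt(amount * FEE_PERCENTAGE - floorFee * 100, 100);
    }
}
```

Run it with `forge test --match-contract FeeRoundingTest`.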

Recommended Mitigation

- uint256 fee = (bid.amount * S_FEE_PERCENTAGE) / 100;
+ // Use OpenZeppelin Math.mulDiv for full precision
+ uint256 fee = Math.mulDiv(bid.amount, S_FEE_PERCENTAGE, 100);
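Review bot: the `+` line `uint256 fee = Math.mulDiv(bid.amount, S_FEE_PERCENTAGE, 100);` still rounds down, because the three-argument `Math.mulDiv` returns the floor of the quotient, so the 1 wei case from the Proof of Concept yields the same fee as the removed line. What the call adds is protection against overflow of the intermediate product `bid.amount * S_FEE_PERCENTAGE`, and the comment "full precision" should say that rather than imply the remainder is kept. If the remainder is meant to go to the marketplace, use the four-argument overload that takes a `Math.Rounding` value and state the chosen direction in the comment. The hunk also omits the `import` of `Math` that the new line depends on.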

Updates

Lead Judging Commences

cryptoghost Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BidBeasts Marketplace: Integer Division Precision Loss

Integer division in requiredAmount truncates fractions, allowing bids slightly lower than intended.
