Bid Beasts

First Flight #49
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: medium
Valid

Precision loss in fee calculation in `_executeSale()`

Impact: Minor rounding errors in fee calculation; seller or marketplace may lose/overpay small fractions of ETH. (Severity: Low)

Likelihood: Low — occurs only for bids where (bid.amount * S_FEE_PERCENTAGE) % 100 != 0.

Scope (affected files):

  • src/BidBeastsNFTMarket.sol (function: _executeSale())


Description (Root + Impact)

Normal behaviour:
Fee calculation should accurately deduct the marketplace fee from the winning bid.

Issue:
Currently, the fee is calculated as:

```solidity
uint256 fee = (bid.amount * S_FEE_PERCENTAGE) / 100; //@audit precision loss
```

  • Solidity integer division truncates any remainder.

  • This can lead to tiny rounding errors, especially for non-whole-number ETH amounts.

Impact:

  • Seller may receive slightly less than expected.

  • Marketplace may collect slightly less in fees.

  • Mostly low-severity but could add up in high-volume markets.


Proof of Concept

```solidity
// Example:
uint256 bidAmount = 1 wei;
uint256 fee = (bidAmount * 5) / 100; // results in 0 due to truncation
// Seller receives 1 - 0 = 1 wei (fee under-collected)
```
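
An added Foundry test (not part of the original submission or the BidBeasts code base) that bounds the truncation shown in the proof of concept. The 5% fee comes from the proof of concept; the contract name, helper names, fuzz range and the round-up variant are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added illustration: models the fee arithmetic only, not the BidBeasts contract.
contract FeeRoundingTest is Test {
    uint256 internal constant FEE_PERCENTAGE = 5; // value used in the proof of concept

    // Fee as quoted in the finding: integer division drops the remainder.
    function feeFloor(uint256 amount) internal pure returns (uint256) {
        return (amount * FEE_PERCENTAGE) / 100;
    }

    // Hypothetical round-up variant: any remainder costs the payer one extra wei.
    function feeCeil(uint256 amount) internal pure returns (uint256) {
        return (amount * FEE_PERCENTAGE + 99) / 100;
    }

    // At 5%, every bid below 20 wei pays no fee at all.
    function test_bidsBelowTwentyWeiPayNoFee() public {
        for (uint256 amount = 0; amount < 20; amount++) {
            assertEq(feeFloor(amount), 0);
        }
        assertEq(feeFloor(20), 1);
    }

    function testFuzz_truncationIsBelowOneWeiPerSale(uint256 amount) public {
        // Constructed range: keeps amount * 5 + 99 far from uint256 overflow.
        amount = bound(amount, 0, type(uint128).max);
        uint256 fee = feeFloor(amount);
        uint256 remainder = (amount * FEE_PERCENTAGE) % 100;

        // Exact relation: the dropped part is remainder/100 wei, always under 1 wei.
        assertEq(fee * 100 + remainder, amount * FEE_PERCENTAGE);
        assertLt(remainder, 100);

        // Rounding up instead changes the fee by at most 1 wei.
        assertEq(feeCeil(amount) - fee, remainder == 0 ? 0 : 1);
    }
}
```

Run it with `forge test --match-contract FeeRoundingTest` in a Foundry project that has forge-std installed.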

Recommended Mitigation

- uint256 fee = (bid.amount * S_FEE_PERCENTAGE) / 100;
+ // Use OpenZeppelin Math.mulDiv for full precision
+ uint256 fee = Math.mulDiv(bid.amount, S_FEE_PERCENTAGE, 100);
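
Review bot: The `+` line's `Math.mulDiv(bid.amount, S_FEE_PERCENTAGE, 100)` still rounds down, so it returns the same value as the removed `(bid.amount * S_FEE_PERCENTAGE) / 100` whenever that product does not overflow; the 1 wei bid from the proof of concept still yields a fee of 0. The three-argument `mulDiv` only protects the intermediate multiplication from overflow, so the added comment "full precision" overstates what changes. If the intent is that the marketplace never under-collects, use the `mulDiv` overload that takes a rounding argument and round up, and say in the comment which party absorbs the remainder. The change also needs an import of OpenZeppelin's `Math` library, which is not visible in these lines.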

Updates

Lead Judging Commences

cryptoghost Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

BidBeasts Marketplace: Integer Division Precision Loss

Integer division in requiredAmount truncates fractions, allowing bids slightly lower than intended.
