Submission Details
Severity:
Rounding Dust Locks Assets
Description
Winners should fully drain the vault after final withdrawals.
Math.mulDivrounds down; without a “last user sweeps remainder” path, dust accumulates and the final withdrawer can lack funds.
// src/briVault.sol:305-314
uint256 vaultAsset = finalizedVaultAsset;
@>uint256 assetToWithdraw = Math.mulDiv(shares, vaultAsset, totalWinnerShares);
IERC20(asset()).safeTransfer(msg.sender, assetToWithdraw);
Risk
Likelihood:
Any time total assets aren’t evenly divisible by winner shares (most cases) dust occurs.
Tokens with low decimals exacerbate rounding error.
Impact:
Last withdrawer may receive slightly less or revert due to insufficient balance.
Dust builds up across tournaments, leaving stranded funds.
Proof of Concept
// 3 winners, each 100 shares, vault 1000 wei
// Each withdrawal gets 333 wei, leaving 1 wei stuck forever.
Recommended Mitigation
+ mapping(address => bool) public hasWithdrawn;
function withdraw() external winnerSet {
+ require(!hasWithdrawn[msg.sender], "already withdrawn");
uint256 shares = balanceOf(msg.sender);
uint256 vaultAsset = finalizedVaultAsset;
uint256 assetToWithdraw = Math.mulDiv(shares, vaultAsset, totalWinnerShares);
+ if (totalSupply() == shares) {
+ assetToWithdraw = IERC20(asset()).balanceOf(address(this));
+ }
_burn(msg.sender, shares);
+ hasWithdrawn[msg.sender] = true;
IERC20(asset()).safeTransfer(msg.sender, assetToWithdraw);
}
Rewards breakdown
nSLOC
193This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.