Code4rena, CODE423N4:2023-03-WENWIN-FINDINGS-ISSUES-372
Mar 09, 2023 - 12:00 a.m.

Division before multiplication leads to truncation


Lines of code

Vulnerability details

Impact

Calculation could result in truncation.

Proof of Concept

Staking.sol#L60-L64 :

function earned(address account) public view override returns (uint256 _earned) {
    return balanceOf(account) * (rewardPerToken() - userRewardPerTokenPaid[account]) / 1e18 + rewards[account];
}

The above function calculates the earned value by dividing the remaining reward by 1e18. Here, 1e18 is such a huge value that this could possibly lead to truncation.
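To see how much the `/ 1e18` step can discard, the Python model below (an added example, not part of the original report or the Wenwin code base) evaluates the `earned()` expression with floor division under three groupings and returns the remainder that is dropped. The function names and sample values are constructed; the model assumes operands stay within uint256 and that `rewardPerToken()` is not smaller than `userRewardPerTokenPaid[account]`.

```python
# Model of the earned() arithmetic from Staking.sol using Python integers.
# Solidity's uint256 `/` floors, as Python's `//` does for non-negative ints.
# All inputs below are constructed sample values, not on-chain data.

SCALE = 10**18  # the 1e18 fixed-point divisor used in earned()


def earned_as_written(balance, rpt, paid, rewards):
    # balance * (rpt - paid) / 1e18 + rewards
    # `*` and `/` share precedence and bind left to right: multiply, then divide.
    return balance * (rpt - paid) // SCALE + rewards


def earned_parenthesized(balance, rpt, paid, rewards):
    # (balance * (rpt - paid)) / 1e18 + rewards
    return (balance * (rpt - paid)) // SCALE + rewards


def earned_divide_first(balance, rpt, paid, rewards):
    # Contrast case only: balance * ((rpt - paid) / 1e18) + rewards
    # Here the division really does happen before the multiplication.
    return balance * ((rpt - paid) // SCALE) + rewards


def discarded_remainder(balance, rpt, paid):
    # What the final floor division throws away, in units of 1/1e18 of the
    # result's smallest unit. Always in the range [0, SCALE).
    return (balance * (rpt - paid)) % SCALE


def compare(balance, rpt, paid, rewards):
    # Collect all three groupings plus the discarded remainder for one input.
    return {
        "as_written": earned_as_written(balance, rpt, paid, rewards),
        "parenthesized": earned_parenthesized(balance, rpt, paid, rewards),
        "divide_first": earned_divide_first(balance, rpt, paid, rewards),
        "remainder": discarded_remainder(balance, rpt, paid),
    }


if __name__ == "__main__":
    # balance = 3, reward-per-token delta = 0.4 * 1e18, stored rewards = 5
    print(compare(3, 4 * 10**17, 0, 5))
```
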

Tools Used

Manual review

Recommended Mitigation Steps

function earned(address account) public view override returns (uint256 _earned) {
    ---return balanceOf(account) * (rewardPerToken() - userRewardPerTokenPaid[account]) / 1e18 + rewards[account];
    +++return (balanceOf(account) * (rewardPerToken() - userRewardPerTokenPaid[account])) / 1e18 + rewards[account];
}
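Review bot: The parentheses added on the `+++` line do not change the order of evaluation. In Solidity `*` and `/` have equal precedence and associate left to right, so the `---` line already computes `balanceOf(account) * (rewardPerToken() - userRewardPerTokenPaid[account])` before dividing by 1e18, and both lines return the same value. What is lost is only the remainder of that final `/ 1e18`, which is below one unit of the result. If that rounding matters, the change would need to alter the scaling or carry the remainder forward rather than regroup the expression; otherwise the parentheses are purely a readability edit and the description should say so.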
