code-423n4 / 2021-07-spartan-findings


Dao.calcReward(address) has potential division before multiplication arithmetic errors #197

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

heiho1

Vulnerability details

Impact

Dao.calcReward(address), on lines 203 and 204, is potentially problematic in that division may truncate values, resulting in loss of precision.

Proof of Concept

https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Dao.sol#L203

https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Dao.sol#L204

https://medium.com/@soliditydeveloper.com/solidity-design-patterns-multiply-before-dividing-407980646f7

Tools Used

Slither

Recommended Mitigation Steps

Potentially this issue is lessened with recent Solidity over/underflow changes, but OpenZeppelin SafeMath for uints may be a more explicit safeguard:

https://docs.openzeppelin.com/contracts/2.x/api/math
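The following is an added example, not code from the Spartan repository or from the finding above. It does not reproduce the actual lines 203 and 204 of Dao.sol; instead it assumes a generic pro-rata formula of the shape `weight / totalWeight * pool` and models EVM uint256 arithmetic in Python (floor division, and an `Overflow` exception standing in for the Solidity 0.8 / SafeMath revert) to show what the two operand orders do on constructed inputs.

```python
# Added example, not code from the Spartan repository or the original finding.
# Models EVM uint256 integer arithmetic to show why operand order matters in a
# hypothetical pro-rata reward formula: reward = weight / totalWeight * pool.
from fractions import Fraction

UINT256_MAX = 2**256 - 1


class Overflow(Exception):
    """Stands in for the revert that Solidity >= 0.8 (or SafeMath) raises on overflow."""


def checked_mul(a: int, b: int) -> int:
    """uint256 multiplication with Solidity 0.8 / SafeMath overflow semantics."""
    r = a * b
    if r > UINT256_MAX:
        raise Overflow(f"{a} * {b} exceeds uint256")
    return r


def reward_divide_first(weight: int, total_weight: int, pool: int) -> int:
    """(weight / totalWeight) * pool, written with the division first.

    Integer division truncates the share towards zero, so any weight smaller
    than totalWeight yields a share of 0 and the whole reward is lost.
    """
    share = weight // total_weight           # EVM '/' on uint256 is floor division
    return checked_mul(share, pool)


def reward_multiply_first(weight: int, total_weight: int, pool: int) -> int:
    """weight * pool / totalWeight: multiply first, divide once at the end.

    Truncation now happens only on the final division, so the result is within
    1 unit of the exact value, at the cost of a larger intermediate product
    that can overflow uint256.
    """
    return checked_mul(weight, pool) // total_weight


def exact_reward(weight: int, total_weight: int, pool: int) -> Fraction:
    """Reference value with no truncation at all."""
    return Fraction(weight * pool, total_weight)


def truncation_error(computed: int, weight: int, total_weight: int, pool: int) -> Fraction:
    """How far a computed reward falls short of the exact pro-rata amount."""
    return exact_reward(weight, total_weight, pool) - computed


def overflows(fn, *args) -> bool:
    """True if evaluating fn(*args) would revert on a uint256 overflow."""
    try:
        fn(*args)
    except Overflow:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs (18-decimal token units): a member holding 30% of the
    # weight should receive 30% of a 1000-token pool.
    weight, total_weight, pool = 3 * 10**18, 10 * 10**18, 1000 * 10**18
    print("divide first:  ", reward_divide_first(weight, total_weight, pool))    # 0
    print("multiply first:", reward_multiply_first(weight, total_weight, pool))  # 300e18
    # Multiply-first pays for its precision with overflow exposure on huge inputs.
    big = (2**200, 2**10, 2**60)
    print("multiply-first overflows on huge inputs:", overflows(reward_multiply_first, *big))
    print("divide-first survives them:", not overflows(reward_divide_first, *big))
```

The two functions make the trade-off the finding and the sponsor reply are circling explicit: dividing first silently zeroes the reward whenever `weight < totalWeight`, which is the normal case for any single member, while multiplying first keeps the error below one unit but can revert on overflow in 0.8 checked arithmetic (or SafeMath). Whether the overflow is reachable depends on the bounds of the real inputs, which this constructed example does not know; that bound, not the choice of SafeMath versus built-in checks, is what decides if multiply-first is safe to adopt.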

verifyfirst commented 3 years ago

Solidity no longer needs safeMath

ghoul-sol commented 3 years ago

per sponsor comment, invalid