Closed code423n4 closed 3 years ago
itsmeSTYJ
If numerator is less than denominator when calculating priceDrop, it will return 0 since Solidity cannot express decimals i.e. the price drop intervals are too small.
https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Auctions/DutchAuction.sol#L331
If numerator is < denominator, the division will round down to 0.
A simple example:
In order for this to go to 0, I just need to have auction duration longer than 500000 seconds or 5.8 days.
Duplicate of #108
Clearwood
commented
3 years ago
Handle
itsmeSTYJ
Vulnerability details
Impact
If numerator is less than denominator when calculating priceDrop, it will return 0 since Solidity cannot express decimals i.e. the price drop intervals are too small.
Proof of Concept
https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Auctions/DutchAuction.sol#L331
If numerator is < denominator, the division will round down to 0.
A simple example:
In order for this to go to 0, I just need to have auction duration longer than 500000 seconds or 5.8 days.