Closed code423n4 closed 2 years ago
0v3rf10w
divide-before-multiply can lead to miscalculation of fees in below function
divide-before-multiply
Vulnerable Function : Basket.handleFees(uint256) (Basket.sol#133-153) :
uint256 feePct = timeDiff * licenseFee / ONE_YEAR; uint256 fee = startSupply * feePct / (BASE - feePct); _mint(publisher, fee * (BASE - factory.ownerSplit()) / BASE); _mint(Ownable(address(factory)).owner(), fee * factory.ownerSplit() / BASE);
Manual and Slither
Consider ordering multiplication before division to prevent miscalculation
Duplicate of #60
Handle
0v3rf10w
Vulnerability details
Impact
divide-before-multiply
can lead to miscalculation of fees in below functionProof of Concept
Vulnerable Function : Basket.handleFees(uint256) (Basket.sol#133-153) :
Tools Used
Manual and Slither
Recommended Mitigation Steps
Consider ordering multiplication before division to prevent miscalculation