code-423n4 / 2022-01-sandclock-findings


A precision loss when creating deposits #177

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

If the deposit contains multiple claims, it may introduce a small precision loss. In _createClaim, when calculating the percentage, it calculates the specific amount for that claim:

  uint256 amount = _amount.percOf(_claim.pct);

Due to multiplication / division imperfections, the total amount assigned to all the claims could be slightly smaller than the total amount that is later charged from the user.

Recommended Mitigation Steps

The imprecision should be pretty small, but if you want to fix this, _createClaim could return the actual amount used; then _createDeposit could sum it up, and deposit could transfer this final sum, which should be <= _params.amount.
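The rounding gap described in this report, modelled as an added example that is not part of the original issue or of the Sandclock code base. It assumes `percOf` truncates like Solidity integer division with percentages in basis points (10,000 = 100%); the Python function names are hypothetical.

```python
# Added illustration; not code from the Sandclock repository.
# Assumption: percOf(amount, pct) truncates like Solidity uint256 division,
# with pct expressed in basis points (10_000 == 100%).
PCT_DENOMINATOR = 10_000  # assumed scale, not taken from the page


def perc_of(amount: int, pct: int) -> int:
    """Model of a truncating percentage helper (floor division)."""
    return amount * pct // PCT_DENOMINATOR


def create_claims(amount: int, pcts: list) -> list:
    """Per-claim amounts, one perc_of call per claim as in _createClaim."""
    if sum(pcts) != PCT_DENOMINATOR:
        raise ValueError("claim percentages must sum to 100%")
    return [perc_of(amount, pct) for pct in pcts]


def deposit_charging_requested(amount: int, pcts: list) -> dict:
    """Reported behaviour: the user is charged `amount`, claims may sum to less."""
    claimed = sum(create_claims(amount, pcts))
    return {"charged": amount, "claimed": claimed, "dust": amount - claimed}


def deposit_charging_sum(amount: int, pcts: list) -> dict:
    """Suggested mitigation: charge the sum of the amounts actually assigned."""
    claimed = sum(create_claims(amount, pcts))
    return {"charged": claimed, "claimed": claimed, "dust": 0}


if __name__ == "__main__":
    # Constructed sample: three claims of 33.33%, 33.33% and 33.34%.
    pcts = [3333, 3333, 3334]
    for amount in (100, 10_000, 10**18 + 1):
        before = deposit_charging_requested(amount, pcts)
        after = deposit_charging_sum(amount, pcts)
        print(amount, "reported:", before, "mitigated:", after)
```

Each truncation loses less than one unit, so the unassigned remainder stays below the number of claims; charging the summed amount keeps the transfer at or below the requested amount.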

naps62 commented 2 years ago

This was fixed in https://github.com/sandclock-org/solidity_contracts/pull/11/files