Kogaroshi
commented
2 years ago Duplicate of https://github.com/code-423n4/2022-03-paladin-findings/issues/44 See in the linked Issue for PR with changes
Closed code423n4 closed 2 years ago
Kogaroshi
commented
2 years ago Duplicate of https://github.com/code-423n4/2022-03-paladin-findings/issues/44 See in the linked Issue for PR with changes
0xean
commented
2 years ago upgrading per #44
Lines of code
https://github.com/code-423n4/2022-03-paladin/blob/9c26ec8556298fb1dc3cf71f471aadad3a5c74a0/contracts/HolyPaladinToken.sol#L729-L730
Vulnerability details
Impact
In line 729 of
HolyPaladinToken.sola huge precision loss occurs ifdropDecreaseDurationis not a multiple ofMONTH.In its current implementation
dropDecreaseDuration / MONTHwill get rounded down, which means thatdropDecreaseDurationof 1 month and 29 days will be treated in this function as if it was set to exactly 1 month.Recommended mitigation steps
There are two obvious solutions to this problem, either make teh distribution changing linearly, not in jumps per month (this will just involve crossing out
MONTHvariable in lines 729-730) or require that thedropDecreaseDurationis a multiple ofMONTHwhile setting it