Closed code423n4 closed 1 year ago
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/distribution/TokenDistributor.sol#L352-L353
fee and memberSupply calculation will be inaccurate.
// contracts/distribution/TokenDistributor.sol 352-353:
uint128 fee = supply * args.feeBps / 1e4;
uint128 memberSupply = supply - fee;
When supply is low, fee could round down to 0, which further affects memberSupply calculation.
Manual analysis.
Check fee value, and round up if needed.
Fees aren't critical to the protocol, so computing a 0 fee for (unlikely) low denomination ERC20s is acceptable.
Who doesn't like 0 fees? :) Does not seem harmful, closing as invalid.
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/distribution/TokenDistributor.sol#L352-L353

Vulnerability details

Impact
fee and memberSupply calculation will be inaccurate.

Proof of Concept
When supply is low, fee could round down to 0, which further affects memberSupply calculation.

Tools Used
Manual analysis.

Recommended Mitigation Steps
Check fee value, and round up if needed.
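
The truncation this report describes, next to the round-up it recommends, as an added example that is not part of the issue or of TokenDistributor.sol. The library and function names are hypothetical, and `feeBps` is assumed to be a `uint16` no greater than 1e4.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. FeeSplitExample and its function names are hypothetical;
// feeBps is assumed to be a uint16 in the range 0..1e4.
library FeeSplitExample {
    uint256 private constant BPS = 1e4;

    // Same truncating division as the quoted lines 352-353 (computed in
    // uint256 here so the product cannot overflow): the fee is 0 whenever
    // supply * feeBps < 1e4.
    function splitFloor(uint128 supply, uint16 feeBps)
        internal pure returns (uint128 fee, uint128 memberSupply)
    {
        require(feeBps <= BPS, "feeBps > 100%");
        fee = uint128(uint256(supply) * feeBps / BPS);
        memberSupply = supply - fee;
    }

    // Round-up variant: ceil(a / b) == (a + b - 1) / b.
    // Because feeBps <= BPS, the fee never exceeds supply, so the
    // subtraction cannot underflow and the uint128 cast cannot truncate.
    function splitCeil(uint128 supply, uint16 feeBps)
        internal pure returns (uint128 fee, uint128 memberSupply)
    {
        require(feeBps <= BPS, "feeBps > 100%");
        fee = uint128((uint256(supply) * feeBps + BPS - 1) / BPS);
        memberSupply = supply - fee;
    }

    // Smallest supply for which splitFloor yields a non-zero fee:
    // supply * feeBps >= 1e4  <=>  supply >= ceil(1e4 / feeBps).
    function minSupplyForNonZeroFee(uint16 feeBps)
        internal pure returns (uint256)
    {
        require(feeBps > 0 && feeBps <= BPS, "feeBps out of range");
        return (BPS + feeBps - 1) / feeBps;
    }
}
```

With a constructed `feeBps` of 250, `splitFloor` returns a zero fee for every supply below 40 base units, while `splitCeil` returns a fee of 1 for any non-zero supply in that range. In both variants `fee + memberSupply` equals `supply`.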