Closed code423n4 closed 1 year ago
QA issue and poor submission.
Referenced code is not affected by the precision issue. Sponsor agrees that this is a QA issue.
Lines of code
https://github.com/code-423n4/2022-10-holograph/blob/24bc4d8dfeb6e4328d2c6291d20553b1d3eff00b/contracts/HolographOperator.sol#L1167-L1180
Vulnerability details
Divide before multiply affects precision
Impact
Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision.
Details
In general, this is a problem due to precision. In this case, it also affects the value of the bond, which makes me suggest medium severity.
Tools
Slither + manual analysis
Proof of Concept
Lack of precision due to the order of operations
https://github.com/code-423n4/2022-10-holograph/blob/24bc4d8dfeb6e4328d2c6291d20553b1d3eff00b/contracts/HolographOperator.sol#L1167-L1180
This would return the wrong amount of the bond, causing damage in value
Recommended Mitigation Steps
Reorder the operations. For more info: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
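An added example, not part of the original submission or of the Holograph code: a Python model of Solidity's truncating uint256 division that measures what dividing first loses, useful when triaging a Slither divide-before-multiply hit. The function names and sample values are constructed for illustration.

```python
# Added example: models Solidity uint256 arithmetic; names and values are constructed.
UINT256_MAX = 2**256 - 1


def checked(value: int) -> int:
    """Solidity >= 0.8 reverts on overflow; the revert is modelled as OverflowError."""
    if value > UINT256_MAX:
        raise OverflowError("uint256 overflow: the transaction would revert")
    return value


def div_then_mul(amount: int, divisor: int, multiplier: int) -> int:
    """(amount / divisor) * multiplier: truncates before scaling."""
    return checked((amount // divisor) * multiplier)


def mul_then_div(amount: int, divisor: int, multiplier: int) -> int:
    """(amount * multiplier) / divisor: truncates once, at the end."""
    return checked(amount * multiplier) // divisor


def precision_loss(amount: int, divisor: int, multiplier: int) -> int:
    """Units lost by dividing first.

    With amount = q * divisor + r, dividing first yields q * multiplier and
    multiplying first yields q * multiplier + (r * multiplier) // divisor,
    so the loss depends only on the remainder r.
    """
    return ((amount % divisor) * multiplier) // divisor


if __name__ == "__main__":
    # Constructed inputs: (amount, divisor, multiplier)
    for case in [(1999, 1000, 5), (2000, 1000, 5), (1001, 1000, 5)]:
        print(case, div_then_mul(*case), mul_then_div(*case), precision_loss(*case))
    # Reordering is not free: the intermediate product can overflow where
    # the divide-first form does not.
    try:
        mul_then_div(2**255, 8, 4)
    except OverflowError as exc:
        print("multiply-first:", exc, "| divide-first:", div_then_mul(2**255, 8, 4))
```

A loss of zero for every reachable input means the finding has no effect on value; otherwise the loss is at most `multiplier - 1` units per computation.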