code-423n4 / 2022-10-holograph-findings


# Divide before multiply affects precision #485

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-10-holograph/blob/24bc4d8dfeb6e4328d2c6291d20553b1d3eff00b/contracts/HolographOperator.sol#L1167-L1180

Vulnerability details

Divide before multiply affects precision

Impact

Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision.

Details

In general, this is a problem due to precision. In this case, it also affects the value of the bond, which makes me suggest medium severity.

Tools

Slither + manual analysis

Proof of Concept

Lack of precision due to the order of operations

https://github.com/code-423n4/2022-10-holograph/blob/24bc4d8dfeb6e4328d2c6291d20553b1d3eff00b/contracts/HolographOperator.sol#L1167-L1180

This would return the wrong amount of the bond, causing damage in value.

Recommended Mitigation Steps

Reorder the operations. For more info: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
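The truncation described under Impact, as an added example that is not part of the original submission or the Holograph code base: a Python model of uint256 arithmetic comparing the two orderings. The function names and sample values are constructed, and checked (reverting) multiplication as in Solidity 0.8+ is an assumption.

```python
# Added illustration: models Solidity uint256 arithmetic. Names and values are
# constructed; checked (reverting) multiplication as in Solidity 0.8+ is assumed.
UINT256_MAX = 2**256 - 1


class Overflow(Exception):
    """Stands in for the revert raised by checked arithmetic."""


def checked_mul(a: int, b: int) -> int:
    product = a * b
    if product > UINT256_MAX:
        raise Overflow(f"{a} * {b} does not fit in uint256")
    return product


def divide_first(amount: int, numerator: int, denominator: int) -> int:
    # (amount / denominator) * numerator: the remainder is discarded before scaling.
    return checked_mul(amount // denominator, numerator)


def multiply_first(amount: int, numerator: int, denominator: int) -> int:
    # (amount * numerator) / denominator: truncates once, but the product may overflow.
    return checked_mul(amount, numerator) // denominator


def full_precision(amount: int, numerator: int, denominator: int) -> int:
    # Reference result with an unbounded intermediate, as a mulDiv-style helper gives.
    return (amount * numerator) // denominator


def precision_loss(amount: int, numerator: int, denominator: int) -> int:
    """Units lost by dividing first (at most numerator - 1 when numerator >= 1)."""
    return full_precision(amount, numerator, denominator) - divide_first(
        amount, numerator, denominator
    )


def reverts(fn, *args) -> bool:
    try:
        fn(*args)
    except Overflow:
        return True
    return False


if __name__ == "__main__":
    print(divide_first(1999, 3, 1000), multiply_first(1999, 3, 1000))
    print(precision_loss(2000, 3, 1000))  # exact multiple: nothing is lost
    print(reverts(multiply_first, 2**255, 4, 8), divide_first(2**255, 4, 8) == 2**254)
```

Multiplying first removes the truncation error but can revert on large operands, so the ordering has to be checked against the value ranges the contract actually handles.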

gzeoneth commented 1 year ago

QA issue and poor submission.

ACC01ADE commented 1 year ago

Referenced code is not affected by the precision issue. Sponsor agrees that this is a QA issue.