    for (uint256 i = 0; i < configsLen; i++) { // Drips.sol#L745
        (uint256 amtPerSec, uint256 start, uint256 end) = _getConfig(configs, i);
        // slither-disable-next-line timestamp
        if (maxEnd <= start) {
            continue;
        }
        // slither-disable-next-line timestamp
        if (end > maxEnd) {
            end = maxEnd;
        }
        spent += _drippedAmt(amtPerSec, start, end); // Drips.sol#L755
        if (spent > balance) {
            return false;
        }
    }
Lines of code
https://github.com/code-423n4/2023-01-drips/blob/main/src/Drips.sol#L1104
https://github.com/code-423n4/2023-01-drips/blob/main/src/Drips.sol#L755
Vulnerability details
Mathematical Modelling Causes a Significant Roundoff Error
The function _drippedAmt calculates the number of ended cycles. That calculation takes two divisions, which cause a roundoff error.
Let's consider this scenario.
With the above conditions, calculating the ended cycles with the equation used at line 1104 gives:
endedCycles = 1675444700/10 - 1675444689/10 = 167544470 - 167544468 = 2
amtPerCycle = 10 x 100000000 / 10^9 = 1
amt = 2 x 1
amtEnd = 0 x 10^8 / 10^9 = 0
amt = 2
amtStart = 9 x 10^8 / 10^9 = 0
amt = 2 wei
But amt should be (end - start) x amtPerSec = 11 x 10^8 = 1.1 x 10^9 = 1.1 wei
https://github.com/code-423n4/2023-01-drips/blob/main/src/Drips.sol#L1104
This affects the _isBalanceEnough function.
Due to this roundoff error, false could be returned here (spent > balance), even though in some cases the balance would be able to cover the amount spent. It could be even worse because these rounded-off values are added together.
https://github.com/code-423n4/2023-01-drips/blob/main/src/Drips.sol#L755
https://github.com/code-423n4/2023-01-drips/blob/main/src/Drips.sol#L495
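The scenario above, reproduced as an added Python model (not code from the report or from the Drips repository): it follows the report's arithmetic step by step, compares it with the (end - start) x amtPerSec value the report expects, and runs both through the loop from the _isBalanceEnough excerpt. The cycle length of 10 and the 10^9 divisor are read off the report's arithmetic; the function names and the 1 wei balance are assumptions made for the illustration.

```python
# Added illustration: models the arithmetic in the report, not the contract itself.
AMT_PER_SEC_MULTIPLIER = 10**9  # divisor seen in the report's arithmetic
CYCLE_SECS = 10                 # implied by the "/10" divisions in the report


def dripped_amt_cycles(amt_per_sec, start, end, cycle_secs=CYCLE_SECS):
    """Cycle-based amount, following the report's steps (each division floors)."""
    ended_cycles = end // cycle_secs - start // cycle_secs
    amt_per_cycle = cycle_secs * amt_per_sec // AMT_PER_SEC_MULTIPLIER
    amt = ended_cycles * amt_per_cycle
    amt += (end % cycle_secs) * amt_per_sec // AMT_PER_SEC_MULTIPLIER    # amtEnd
    amt -= (start % cycle_secs) * amt_per_sec // AMT_PER_SEC_MULTIPLIER  # amtStart
    return amt


def dripped_amt_direct(amt_per_sec, start, end):
    """The value the report expects: (end - start) * amtPerSec, floored once."""
    return (end - start) * amt_per_sec // AMT_PER_SEC_MULTIPLIER


def is_balance_enough(balance, configs, max_end, dripped_amt):
    """Loop from the _isBalanceEnough excerpt; the amount function is pluggable."""
    spent = 0
    for amt_per_sec, start, end in configs:
        if max_end <= start:
            continue
        end = min(end, max_end)
        spent += dripped_amt(amt_per_sec, start, end)
        if spent > balance:
            return False
    return True


# Scenario values taken from the report's arithmetic: (amtPerSec, start, end).
SCENARIO = [(10**8, 1675444689, 1675444700)]
MAX_END = 1675444700
BALANCE = 1  # hypothetical balance in wei, chosen to sit between the two results

if __name__ == "__main__":
    cfg = SCENARIO[0]
    print("cycle-based amount:", dripped_amt_cycles(*cfg))
    print("direct amount     :", dripped_amt_direct(*cfg))
    for fn in (dripped_amt_cycles, dripped_amt_direct):
        print(fn.__name__, "->", is_balance_enough(BALANCE, SCENARIO, MAX_END, fn))
```

With a balance of 1 wei the cycle-based sum reports the balance as insufficient, while the single-division value accepts it.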
Tools Used
VS Code
Recommended Mitigation Steps
Use the equation below to calculate _drippedAmt
if more precision is needed