code-423n4 / 2023-01-rabbithole-findings


`royaltyPayment` can get to be 0 #681

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d//contracts/Erc20Quest.sol#L97
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d//contracts/Erc20Quest.sol#L53
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d//contracts/RabbitHoleTickets.sol#L113
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d//contracts/RabbitHoleReceipt.sol#L184

Vulnerability details

Summary

Some operations may give 0 as a result due to missing checks and Solidity rounding.

Vulnerability Detail

Assuming, for example, salePrice = 100 and royaltyFee = 90, the result will be 0:

```solidity
// integer division floors: (100 * 90) / 10_000 == 0
uint256 royaltyPayment = (salePrice_ * royaltyFee) / 10_000;
```

Impact

Some values are rounded down if the params are not big enough.

Code Snippet

Tool used

Manual analysis

Recommendation

Check that values are bigger than 10_000 before dividing them, and revert if so.
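The rounding described in this report, worked through as an added example (not code from the issue or from the quest-protocol repository): the EVM floor division is mirrored in Python, the smallest salePrice that still yields a non-zero royalty for a given basis-point fee is derived, and a hypothetical checked variant shows the revert-on-zero behaviour the recommendation asks for.

```python
BPS_DENOMINATOR = 10_000  # basis-point scale used by the royalty formula in the report


def royalty_payment(sale_price: int, royalty_fee_bps: int) -> int:
    """Mirror the Solidity expression (salePrice_ * royaltyFee) / 10_000.

    Python's // floors exactly like EVM unsigned integer division, so any
    product below 10_000 collapses to a payment of 0.
    """
    if sale_price < 0 or royalty_fee_bps < 0:
        raise ValueError("uint256 operands cannot be negative")
    return (sale_price * royalty_fee_bps) // BPS_DENOMINATOR


def min_sale_price_for_nonzero_royalty(royalty_fee_bps: int):
    """Smallest salePrice at which the floored payment is at least 1 unit,
    i.e. ceil(10_000 / royaltyFee). Returns None when the fee is 0, since a
    zero fee never pays anything regardless of the price."""
    if royalty_fee_bps == 0:
        return None
    return -(-BPS_DENOMINATOR // royalty_fee_bps)  # ceiling division


def royalty_payment_checked(sale_price: int, royalty_fee_bps: int) -> int:
    """Hypothetical hardened variant (an assumption, not the project's code):
    refuse a sale whose royalty would silently round to zero while a
    non-zero fee is configured, mirroring a Solidity revert."""
    payment = royalty_payment(sale_price, royalty_fee_bps)
    if royalty_fee_bps != 0 and payment == 0:
        floor_price = min_sale_price_for_nonzero_royalty(royalty_fee_bps)
        raise ValueError(
            f"royalty rounds to zero: salePrice {sale_price} is below "
            f"the minimum {floor_price} for a {royalty_fee_bps} bps fee"
        )
    return payment


if __name__ == "__main__":
    # Constructed values taken from the report: salePrice 100, royaltyFee 90.
    print(royalty_payment(100, 90))                       # 0
    print(min_sale_price_for_nonzero_royalty(90))         # 112
    print(royalty_payment(112, 90))                       # 1
```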

c4-judge commented 1 year ago

kirk-baird changed the severity to QA (Quality Assurance)

c4-sponsor commented 1 year ago

waynehoover marked the issue as sponsor acknowledged

kirk-baird commented 1 year ago

Valid issue but insufficient number of issues to qualify for grade-b

c4-judge commented 1 year ago

kirk-baird marked the issue as grade-c