c4-pre-sort
commented
11 months ago minhquanym marked the issue as insufficient quality report
Open c4-submissions opened 11 months ago
c4-pre-sort
commented
11 months ago minhquanym marked the issue as insufficient quality report
minhquanym
commented
11 months ago negligible loss. Consider QA
c4-pre-sort
commented
11 months ago minhquanym marked the issue as primary issue
c4-judge
commented
10 months ago MarioPoneder changed the severity to QA (Quality Assurance)
c4-judge
commented
10 months ago MarioPoneder marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-11-canto/blob/ffda16eee803a256d18ce90e740d71e986dee1e7/1155tech-contracts/src/Market.sol#L285 https://github.com/code-423n4/2023-11-canto/blob/ffda16eee803a256d18ce90e740d71e986dee1e7/1155tech-contracts/src/Market.sol#L290
Vulnerability details
Impact
Performing division before multiplication can lead to precision loss. If the dividend is large, dividing early can lead to truncation or rounding errors.
If the divisor can be zero and you divide before checking, it may result in a runtime error or unexpected behavior, potentially leaving the contract in an inconsistent state.
In certain financial or mathematical calculations, the order of operations can impact the security of the contract. Incorrect calculations may lead to unintended financial consequences.
Proof of Concept
Market._splitFees(uint256,uint256,uint256) (1155tech-contracts/src/Market.sol#280-296) performs a multiplication on the result of a division:
Tools Used
Manual Review
Recommended Mitigation Steps
Consider ordering multiplication before division.
Assessed type
Math