Open c4-submissions opened 11 months ago
minhquanym marked the issue as insufficient quality report
negligible loss. Consider QA
minhquanym marked the issue as primary issue
MarioPoneder changed the severity to QA (Quality Assurance)
MarioPoneder marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-11-canto/blob/ffda16eee803a256d18ce90e740d71e986dee1e7/1155tech-contracts/src/Market.sol#L285
https://github.com/code-423n4/2023-11-canto/blob/ffda16eee803a256d18ce90e740d71e986dee1e7/1155tech-contracts/src/Market.sol#L290
Vulnerability details
Impact
Performing division before multiplication can lead to precision loss. If the dividend is large, dividing early can lead to truncation or rounding errors.
If the divisor can be zero and you divide before checking, it may result in a runtime error or unexpected behavior, potentially leaving the contract in an inconsistent state.
In certain financial or mathematical calculations, the order of operations can impact the security of the contract. Incorrect calculations may lead to unintended financial consequences.
Proof of Concept
Market._splitFees(uint256,uint256,uint256) (1155tech-contracts/src/Market.sol#280-296) performs a multiplication on the result of a division:
Tools Used
Manual Review
Recommended Mitigation Steps
Consider ordering multiplication before division.
Assessed type
Math
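Added example, not part of the submission and not code from Market.sol: it measures how much a divide-then-multiply fee calculation loses against the multiply-first ordering recommended above, and bounds that loss. The function names, the basis-point denominator, the 1e18 scale and the sample values are assumptions made for the illustration.

```python
# Added illustration: names, constants and formula shape are hypothetical,
# not taken from Market.sol. For non-negative ints, Python's // truncates
# exactly like Solidity's uint256 division.
BPS_DENOMINATOR = 10_000
SCALE = 10**18


def _require_nonzero(token_count: int) -> None:
    # Check the divisor before any division is attempted.
    if token_count == 0:
        raise ZeroDivisionError("token_count must be checked before dividing")


def divide_first(fee: int, cut_bps: int, token_count: int) -> int:
    """Take the basis-point cut (truncating), then scale and divide again."""
    _require_nonzero(token_count)
    cut = fee * cut_bps // BPS_DENOMINATOR  # fractional part is dropped here
    return cut * SCALE // token_count       # multiplication on a truncated value


def multiply_first(fee: int, cut_bps: int, token_count: int) -> int:
    """Do every multiplication first and truncate once, at the end."""
    _require_nonzero(token_count)
    return fee * cut_bps * SCALE // (BPS_DENOMINATOR * token_count)


def precision_loss(fee: int, cut_bps: int, token_count: int) -> int:
    """Scaled units lost by dividing early (never negative)."""
    return (multiply_first(fee, cut_bps, token_count)
            - divide_first(fee, cut_bps, token_count))


def worst_case_loss(cut_bps: int, token_count: int, fees) -> int:
    """Largest loss over an iterable of fee amounts."""
    return max(precision_loss(f, cut_bps, token_count) for f in fees)


if __name__ == "__main__":
    fee, cut_bps, holders = 12_345, 3_300, 7  # constructed sample values
    print("divide first  :", divide_first(fee, cut_bps, holders))
    print("multiply first:", multiply_first(fee, cut_bps, holders))
    print("loss          :", precision_loss(fee, cut_bps, holders))
    # The early division drops less than one unit of fee, so the loss stays
    # below SCALE // holders + 1 scaled units for any fee amount.
    print("bound         :", SCALE // holders + 1)
```

In Solidity the multiply-first form needs the larger intermediate product to fit in uint256; with checked arithmetic (0.8 and later) an overflow reverts the call.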