code-423n4 / 2024-05-gondi-mitigation-findings


H-02 MitigationConfirmed #3

Open c4-bot-6 opened 5 months ago

c4-bot-6 commented 5 months ago

Lines of code

Vulnerability details

Comments

In the previous implementation, _getWithdrawablePerShare() was calculated with no decimal places (e.g. 1e18), resulting in a possible 'round down' and loss of precision. This makes the total amount smaller in _getAvailable(), causing the amount to be locked.

Mitigation

https://github.com/pixeldaogg/florida-contracts/pull/362

Modify the following.

  1. Remove _getWithdrawablePerShare().
  2. Modify _getAvailable() to use the formula: shares * withdrawablePerShare / totalShares - withdrawn. This formula multiplies first and then divides, so there is no round-down problem. The mitigation resolved the original issue.

Conclusion

LGTM
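
The rounding described in the comment above, as an added illustration that is not the project's code and not part of the original comment: Python's `//` models Solidity's truncating uint division. The function names, `pool` (an assumed stand-in for the amount being distributed), and all share and pool values are constructed for the example.

```python
# Added illustration: models Solidity's truncating uint division with //.
# Every name and amount here is constructed, not taken from the contracts.

def available_divide_first(shares, pool, total_shares, withdrawn=0):
    """Old pattern: per-share value computed first, with no scaling factor."""
    per_share = pool // total_shares      # precision is lost at this step
    return shares * per_share - withdrawn


def available_multiply_first(shares, pool, total_shares, withdrawn=0):
    """Mitigated pattern from the review: multiply first, divide once."""
    return shares * pool // total_shares - withdrawn


def locked(fn, holders, pool):
    """Amount left unclaimable after every holder has withdrawn in full."""
    total_shares = sum(holders)
    return pool - sum(fn(s, pool, total_shares) for s in holders)


# Constructed sample data: three holders with 18-decimal share balances.
HOLDERS = [5 * 10**18, 3 * 10**18, 2 * 10**18]
POOL_6DEC = 1_000_000 * 10**6 + 1   # 6-decimal asset: pool < total shares
POOL_18DEC = 1999 * 10**16          # 18-decimal asset: 19.99 tokens

if __name__ == "__main__":
    for label, pool in (("6-decimal", POOL_6DEC), ("18-decimal", POOL_18DEC)):
        old = locked(available_divide_first, HOLDERS, pool)
        new = locked(available_multiply_first, HOLDERS, pool)
        print(f"{label}: pool={pool} locked(old)={old} locked(new)={new}")
```

With divide-first, the locked amount equals `pool % total_shares`, which can be the whole pool when the asset has fewer decimals than the shares; with multiply-first, each holder loses less than one base unit, so the locked dust stays below the number of holders.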

c4-judge commented 5 months ago

alex-ppg marked the issue as satisfactory