code-423n4 / 2024-07-traitforge-findings


Alignation mismatch in NukeFactor #323

Closed howlbot-integration[bot] closed 2 months ago

howlbot-integration[bot] commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/EntropyGenerator/EntropyGenerator.sol#L152

Vulnerability details

Description

The contract's NukeFactor calculation does not match the whitepaper's specification of having a range from 0 to 50%. Currently, NukeFactor is computed as follows:

nukeFactor = entropy / 4000000;

Impact

1. Limited Range: NukeFactor will always be 0 for entropy values less than 4,000,000, and only starts to increase after that threshold.
2. Reduced Distribution: This calculation constrains the range and distribution of NukeFactor values, not aligning with the intended 0-50% range.

Proof of Concept

For various entropy values:

With entropy = 3,999,999, nukeFactor = 0
With entropy = 4,000,000, nukeFactor = 1
With entropy = 999,999 (maximum possible), nukeFactor = 0

Tools Used

Manual Review

Recommended Mitigation Steps

  1. Adjust Calculation for Correct Range:
    nukeFactor = (entropy * 50) / 1000000;

Assessed type

Math

c4-judge commented 2 months ago

koolexcrypto changed the severity to QA (Quality Assurance)

c4-judge commented 2 months ago

koolexcrypto marked the issue as grade-c