The contract's NukeFactor calculation does not match the whitepaper's specification of having a range from 0 to 50%. Currently, NukeFactor is computed as follows:
nukeFactor = entropy / 4000000;
Impact
1.Limited Range: NukeFactor will always be 0 for entropy values less than 4,000,000, and only starts to increase after that threshold.
2.Reduced Distribution: This calculation constrains the range and distribution of NukeFactor values, not aligning with the intended 0-50% range.
Proof of Concept
For various entropy values:
With entropy = 3,999,999, nukeFactor = 0
With entropy = 4,000,000, nukeFactor = 1
With entropy = 999,999 (maximum possible), nukeFactor = 0
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/EntropyGenerator/EntropyGenerator.sol#L152
Vulnerability details
Description
The contract's
NukeFactor
calculation does not match the whitepaper's specification of having a range from 0 to 50%. Currently,NukeFactor
is computed as follows:Impact
1.Limited Range:
NukeFactor
will always be 0 for entropy values less than 4,000,000, and only starts to increase after that threshold. 2.Reduced Distribution: This calculation constrains the range and distribution ofNukeFactor
values, not aligning with the intended 0-50% range.Proof of Concept
For various
entropy
values:With
entropy = 3,999,999
,nukeFactor = 0
Withentropy = 4,000,000
,nukeFactor = 1
Withentropy = 999,999
(maximum possible),nukeFactor
= 0Tools Used
Manual Review
Recommended Mitigation Steps
Assessed type
Math