Open hats-bug-reporter[bot] opened 1 week ago
Thank you for your report on potential precision loss in token conversion and time calculations. After careful review, we've determined that this is not an issue.
Regarding the convertFromV1ToDemurrage function, we use an explicit ACCURACY parameter (10**8) to compensate for integer division, ensuring sufficient precision in our calculations.
As for time calculations, our definition of a 'day' is based on seconds and hours, which is the only precise way to track time in Solidity contracts. Calendar day tracking is not feasible within smart contract limitations, nor the intended design.
We appreciate your attention to precision in mathematical operations. However, it seems there might be some misunderstandings about Solidity's handling of overflows (which is managed by the compiler since Solidity v8) and the constraints of time tracking in smart contracts.
Your report demonstrates engagement with our system's mathematical operations, which we value. Thank you for your contribution to our ongoing security review process.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x88e236915ae04b6d86151a528ba86514642a7490c66b95d02deb2fc07fb5ba6f Severity: low
Description: Description
Two smart contracts in the Circles V2 system, the
Migration.sol
andDemurrage.sol
, contain functions that perform calculations involving division operations. These operations can potentially lead to a loss of precision due to Solidity's integer division behavior.In
Migration.sol
:convertFromV1ToDemurrage
function performs complex calculations to convert token amounts from V1 to V2.In
Demurrage.sol
:day
function calculates the number of days since a reference point (inflationDayZero
).In both cases, Solidity's integer division behavior, which truncates any fractional part, can lead to a loss of precision. This is particularly problematic when dividing by large numbers or when the result of a division is very small.
Overview of potential Issues:
If these precision loss issues are not addressed, the issues that could arise are the following:
In
Migration.sol
:convertFromV1ToDemurrage
function could produce inaccurate conversion results.In
Demurrage.sol
:day
function's intentional rounding down to the nearest day could accumulate errors over time.This may lead to loss of user funds, inconsistencies in token economics, or erosion of trust in the platform.
Attachments
Comments on the revised code:
For
Migration.sol
:convertFromV1ToDemurrage
function.For
Demurrage.sol
:day
function, while the precision loss is intentional, we've added a check to ensure the result doesn't exceed the maximum value of uint64, preventing potential overflow issues.These modifications aim to mitigate precision loss and make the calculations more robust. However, it's crucial to thoroughly test these changes with a wide range of input values to ensure they meet the specific requirements of the Circles V2 system.