search

sherlock-audit / 2022-11-nounsdao-judging

4 stars 0 forks source link

WATCHPUG - Unnecessary precision loss in `_recipientBalance()` #70

Open sherlock-admin opened 1 year ago

sherlock-admin commented 1 year ago

WATCHPUG

medium

Unnecessary precision loss in _recipientBalance()

Summary

Using ratePerSecond() to calculate the _recipientBalance() incurs an unnecessary precision loss.

Vulnerability Detail

The current formula in _recipientBalance() to calculate the vested amount (balance) incurs an unnecessary precision loss, as it includes div before mul:

balance = elapsedTime_ * (RATE_DECIMALS_MULTIPLIER * tokenAmount_ / duration) / RATE_DECIMALS_MULTIPLIER

This can be avoided and the improved formula can also save some gas.

Impact

Precision loss in _recipientBalance().

Code Snippet

https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/Stream.sol#L341-L344

Tool used

Manual Review

Recommendation

Consdier changing to:

balance = elapsedTime_ * tokenAmount_ / duration
eladmallel commented 1 year ago

Fix PR: https://github.com/nounsDAO/streamer/pull/7

jack-the-pug commented 1 year ago

Fix confirmed!