search

sherlock-audit / 2023-10-looksrare-judging

6 stars 6 forks source link

Bauer - The calculation in the secondaryPrizePoolShareBp() function suffers from precision loss #55

Closed sherlock-admin2 closed 1 year ago

sherlock-admin2 commented 1 year ago

Bauer

medium

The calculation in the secondaryPrizePoolShareBp() function suffers from precision loss

Summary

Vulnerability Detail

This code snippet suffers from potential precision loss due to integer division. The issue arises from the use of integer division in the calculations, which can lead to the truncation of decimal places.

  function secondaryPrizePoolShareBp(uint256 placement) public pure returns (uint256 share) {
        share = (1_31817 * (995_000_000 / (placement * 49) - uint256(15_000_000) / 49)) / 1_000_000_000;
    }

To mitigate this precision loss, it is advisable to refactor the code by performing the multiplication with the constant factor before the division. Specifically, the calculation should be adjusted as follows:

(1_31817 * (995_000_000 - 1_31817 * uint256(15_000_000)) / (placement * 49)) / 1_000_000_000

Impact

This leads to inaccuracies in the calculation of the share.

Code Snippet

https://github.com/sherlock-audit/2023-10-looksrare/blob/main/contracts-infiltration/contracts/Infiltration.sol#L1060-L1062

Tool used

Manual Review

Recommendation

The suggested modification for the calculation is as follows:

(1_31817 * (995_000_000 - 1_31817 * uint256(15_000_000)) / (placement * 49)) / 1_000_000_000
nevillehuang commented 1 year ago

Completely wrong recommendation to change formula. Additionally, lack of explicit example to prove precision loss so invalid based on sherlock guidelines

In case of issues related to precision loss, there must be a valid POC/example showing the loss to justify the medium/high severity.