Accumulated Discrepancies from Repeated Rounding in Token Conversion
Summary
The OperationalStaking contract contains conversion functions like _sharesToTokens and _tokensToShares that are vulnerable to rounding errors leading to balance discrepancies over time.
Vulnerability Detail
The logic uses fixed-point arithmetic to convert between shares and tokens. However, the use of the DIVIDER constant and rounding down can introduce minor discrepancies that accumulate through repeated transactions.
Impact
Users may notice inconsistent staked balances and rewards, potentially losing trust. Large unaccounted rounding errors may also represent a monetary loss for users.
cheatcode
medium
Accumulated Discrepancies from Repeated Rounding in Token Conversion
Summary
The
OperationalStakingcontract contains conversion functions like_sharesToTokensand_tokensToSharesthat are vulnerable to rounding errors leading to balance discrepancies over time.Vulnerability Detail
The logic uses fixed-point arithmetic to convert between shares and tokens. However, the use of the
DIVIDERconstant and rounding down can introduce minor discrepancies that accumulate through repeated transactions.Impact
Users may notice inconsistent staked balances and rewards, potentially losing trust. Large unaccounted rounding errors may also represent a monetary loss for users.
Code Snippet
https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/OperationalStaking.sol#L386C5-L396C1
Tool Used
Manual review
Recommendation
Higher precision constants
Duplicate of #39