Closed sherlock-admin2 closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { The watson failed to explain what to do with the remainder after taking account of it and the report is poorly written}
bigbick123456789000
medium
Incorrect TELCOIN Distribution Calculation in _retrieve Function
Summary
The _retrieve function in the CouncilMember contract contains an issue related to the calculation of TELCOIN distribution. The problem lies in the calculation of the individualBalance, where the runningBalance is not properly adjusted, potentially leading to inaccurate distribution among council members.
Vulnerability Detail
The vulnerable code snippet is as follows:
The issue arises in the calculation of individualBalance, where it is computed based on finalBalance, which already includes the runningBalance. Consequently, the subsequent update of runningBalance does not account for the runningBalance itself, leading to potential inaccuracies in TELCOIN distribution.
The purpose of the _retrieve function is to fetch the maximum possible TELCOIN and distribute it equally among all council members, updating the running balance to ensure accurate distribution during subsequent calls.
Impact
The impact of this issue is that the TELCOIN distribution among council members may not be accurate. Council members could receive more or fewer tokens than intended, affecting the fairness of the distribution mechanism.
Code Snippet
Link
Tool used
Manual Review
Recommendation
Calculation of runningBalance should be adjusted to correctly represent the remainder after distributing TELCOIN equally among all council members.
Duplicate of #161
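
As an added illustration (not code from this report or from the Telcoin repository), the Python model below checks a conservation invariant for an equal split that carries its remainder between calls, which is the check that shows whether a runningBalance update loses or double-counts tokens. The formulas for final_balance, individual_balance and running_balance are assumptions, because the report's snippet is not reproduced on this page; CouncilModel, retrieve, unaccounted and simulate are hypothetical names.

```python
# Added model, not the CouncilMember source. Assumed arithmetic (labelled):
#   final_balance      = newly withdrawn amount + running_balance
#   individual_balance = final_balance // member_count
#   running_balance    = final_balance %  member_count
from dataclasses import dataclass, field


@dataclass
class CouncilModel:
    member_count: int
    carry_remainder: bool = True          # False models dropping the dust
    running_balance: int = 0
    total_withdrawn: int = 0
    credited: list = field(default_factory=list)

    def __post_init__(self):
        if self.member_count <= 0:
            raise ValueError("member_count must be positive")
        self.credited = [0] * self.member_count

    def retrieve(self, withdrawn: int) -> int:
        """Model one distribution round; returns the per-member share."""
        if withdrawn < 0:
            raise ValueError("withdrawn must be non-negative")
        self.total_withdrawn += withdrawn
        final_balance = withdrawn + self.running_balance
        individual_balance = final_balance // self.member_count
        remainder = final_balance % self.member_count
        self.running_balance = remainder if self.carry_remainder else 0
        self.credited = [c + individual_balance for c in self.credited]
        return individual_balance

    def unaccounted(self) -> int:
        """Tokens neither credited to a member nor held as running_balance."""
        return self.total_withdrawn - sum(self.credited) - self.running_balance


def simulate(member_count, withdrawals, carry_remainder=True):
    model = CouncilModel(member_count, carry_remainder)
    for amount in withdrawals:
        model.retrieve(amount)
        assert model.running_balance < member_count  # remainder stays bounded
    return model


# Constructed sample input: three members, four withdrawals.
SAMPLE = [100, 7, 1, 50]
```

In this model, a nonzero unaccounted() after any round means the bookkeeping has stranded or invented tokens; the same invariant can be asserted in a fuzz or invariant test against the real contract.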