sherlock-admin2
commented
7 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { The watson failed to explain what to do with the remainder after takig account of it and the report is poorly written}
bigbick123456789000
medium
Incorrect
TELCOINDistribution Calculation in_retrieveFunctionSummary
The
_retrievefunction in theCouncilMembercontract contains an issue related to the calculation ofTELCOINdistribution. The problem lies in the calculation of theindividualBalance, where therunningBalanceis not properly adjusted, potentially leading to inaccurate distribution among council members.Vulnerability Detail
The vulnerable code snippet is as follows:
The issue arises in the calculation of
individualBalance, where it is computed based onfinalBalance, which already includes therunningBalance. Consequently, the subsequent update ofrunningBalancedoes not account for therunningBalanceitself, leading to potential inaccuracies inTELCOINdistribution.The purpose of the _retrieve function is to fetch the maximum possible TELCOIN and distribute it equally among all council members, updating the running balance to ensure accurate distribution during subsequent calls.
Impact
The impact of this issue is that the TELCOIN distribution among council members may not be accurate. Council members could receive more or fewer tokens than intended, affecting the fairness of the distribution mechanism.
Code Snippet
Link
Tool used
Manual Review
Recommendation
Calculation of
runningBalanceshould be adjusted to correctly represent the remainder after distributing TELCOIN equally among all council members.Duplicate of #161