Closed sherlock-admin2 closed 6 months ago
The running balance is not assigned to a token ID. This amount remains unallocated until the next time _retrieve()
is called. In the above description .90 TEL is set aside and added next time around to be equally divided by the totalSupply()
.
Invalid, agree with sponsor.
almurhasan
high
runningBalance calculation is wrong in the function _retrieve(CouncilMember contract)
Summary
runningBalance calculation is wrong in the function _retrieve(CouncilMember contract)
Vulnerability Detail
See the function _retrieve,
Impact
Wrong calculation leads to council members getting less rewards.
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L289C31-L289C31
Tool used
Manual Review
Recommendation
Calculate like this, runningBalance = (finalBalance % totalSupply)*totalSupply.