search

sherlock-audit / 2024-02-mento-judging

3 stars 1 forks source link

ParthMandale - `Emission:calculateEmission` Rounding Error in Calculating Emission of Mento Token for specific emission Target #27

Closed sherlock-admin4 closed 7 months ago

sherlock-admin4 commented 7 months ago

ParthMandale

medium

Emission:calculateEmission Rounding Error in Calculating Emission of Mento Token for specific emission Target

ParthMandale

High

Emission:calculateEmission Rounding Error in Calculating Emission of Mento Token for specific emission Target

Summary

The calculateEmission function in the Emission.sol contract suffers from a rounding error due to integer division not being precise enough, potentially leading to incorrect emission amounts.

Vulnerability Detail

Loss of precision due to integer division without proper scaling.

  function calculateEmission() public view returns (uint256 amount) {
    uint256 t = (block.timestamp - emissionStartTime);

    // slither-disable-start divide-before-multiply
    uint256 term1 = (SCALER * t) / A;
    uint256 term2 = (term1 * t) / (2 * A);
    uint256 term3 = (term2 * t) / (3 * A);
    uint256 term4 = (term3 * t) / (4 * A);
    uint256 term5 = (term4 * t) / (5 * A);
    // slither-disable-end divide-before-multiply

    uint256 positiveAggregate = SCALER + term2 + term4;
    uint256 negativeAggregate = term1 + term3 + term5;

    // Avoiding underflow in case the scheduled amount is bigger than the total supply
    if (positiveAggregate < negativeAggregate) {
      return emissionSupply - totalEmittedAmount;
    }

    uint256 scheduledRemainingSupply = (emissionSupply * (positiveAggregate - negativeAggregate)) / SCALER;

 @>   amount = emissionSupply - scheduledRemainingSupply - totalEmittedAmount;

 }

Impact

This will result in emitting slightly more or fewer tokens than intended, leading to an inaccurate total supply over time.

Code Snippet

https://github.com/sherlock-audit/2024-02-mento/blob/main/mento-core/contracts/governance/Emission.sol#L124

Tool used

Manual Review

Recommendation

- amount = emissionSupply - scheduledRemainingSupply - totalEmittedAmount;
+ amount = (emissionSupply - scheduledRemainingSupply - totalEmittedAmount) / SCALER;
sherlock-admin2 commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

POC would have helped.

nevillehuang commented 7 months ago

Invalid, duplicate of #18, lacks required POC/numerical example required by sherlock rules