Precision_Loss

[sherlock-admin2]

Precision_Loss

Low/Info issue submitted by petarP1998

Summary

The lockedProfit function in the current implementation is losing precision during its calculation.

Vulnerability Detail

In the lockedProfit function, the calculation of remaining time and its usage in the computation of totalLocked0 and totalLocked1 leads to a loss of precision. This happens because integer division is used, which truncates the result rather than rounding, causing potential inaccuracies in the locked profit values.

https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/strategies/StratFeeManagerInitializable.sol#L184-L188

Impact

The precision loss in the lockedProfit calculations can result in inaccurate values being returned. This might lead to financial discrepancies in the system, affecting the proper accounting of locked profits and potentially resulting in financial losses or inconsistencies.

Code Snippet

function lockedProfit() public virtual view returns (uint256 locked0, uint256 locked1) {
        uint256 elapsed = block.timestamp - lastHarvest;
        uint256 remaining = elapsed < DURATION ? DURATION - elapsed : 0;
        return (totalLocked0 * remaining / DURATION, totalLocked1 * remaining / DURATION);
    }

Tool used

Manual Review

Recommendation

To avoid precision loss, consider using a higher precision arithmetic or fixed-point arithmetic library. Alternatively, ensure that calculations maintain precision by structuring the operations to minimize truncation errors, such as performing multiplications before divisions.