Closed sherlock-admin2 closed 1 month ago
1 comment(s) were left on this issue during the judging contest.
0xmystery commented:
invalid because getPendingPoints() will not practically be used till point farming has ended. The higher precision adopted is by design
0xAadi
medium
Unnecessary Scaling in _pendingPoints() Function
Summary
The
_pendingPoints()
function in theSophonFarming.sol
contract used to get the points which is used to airdrop to users later. But, the_pendingPoints()
function uses a different scaling mechanism other than_deposit()
used, which results in points being calculated differently from the_deposit()
function.Vulnerability Detail
The issue lies in the unnecessary scaling with in the
_pendingPoints()
function, which causes points to be calculated incorrectly compared to the_deposit()
function.Please see the code
Please see line 361 and 373, which is used a different scaling than
_deposit()
and in line 381 scaled down with 1e36 to balance the previous scaling but it should scaled dow with 1e18 too, Please see the_deposit()
Impact
This issue can lead to discrepancies in the calculation of points, potentially affecting the accuracy of rewards earned by users.
Code Snippet
https://github.com/sherlock-audit/2024-05-sophon/blob/05059e53755f24ae9e3a3bb2996de15df0289a6c/farming-contracts/contracts/farm/SophonFarming.sol#L357C1-L384C6
Tool used
Manual Review
Recommendation
Remove the unnecessary scaling with 1e18 in the _pendingPoints() function to ensure consistent calculation of points with the deposit() function.