search

sherlock-audit / 2024-06-magicsea-judging

2 stars 0 forks source link

Elegant Vanilla Crane - Division calculations rounding down leads to users receiving fewer rewards #722

Closed sherlock-admin3 closed 2 months ago

sherlock-admin3 commented 2 months ago

Elegant Vanilla Crane

Low/Info

Division calculations rounding down leads to users receiving fewer rewards

Summary

Certain division calculations will lead to the user receiving fewer rewards, or funds getting stuck in the contracts.

Vulnerability Detail

For example, when calculating emissionsPerSecond with an odd duration parameter, the final value will be rounded down, which means the user will receive a little less rewards than supposed.

Solidity: 10e18 / 19 == 526315789473684210 Python: 10e18 / 19 == 526315789473684224

Impact

User will receive fewer rewards than supposed.

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/rewarders/BribeRewarder.sol#L308

Tool used

Manual Review, Foundry

Recommendation

Use the SafeMath library by OpenZeppelin

0xSmartContract commented 1 month ago

This issue was submitted as low/info.