This repository has been archived by the owner on Jun 2, 2024. It is now read-only.
0xHelium - getClaimableCyclesAndAmounts() getter function will return wrong ClaimableCyclesAndAmounts[] because of rounding issues #53
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
0xHelium
high
getClaimableCyclesAndAmounts() getter function will return wrong ClaimableCyclesAndAmounts[] because of rounding issues
Summary
getClaimableCyclesAndAmounts() function is used to get an array of token and reward associated to the Staking position sorted by cycleId. However this function will return wrong values in certain cases causing a difference between real rewards and what is actually returned.
Vulnerability Detail
getClaimableCyclesAndAmounts() function will cause a loss of precision when calculating the cvgAmount. This code is where the issue happens.
For example:
Impact
Function will return a value different than the real value.
Code Snippet
https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Staking/StakeDAO/SdtStakingPositionService.sol#L1027
Tool used
Manual Review,
VsCode
Recommendation
Use a multiplier for making operations that can lead to rounding down issues
The text was updated successfully, but these errors were encountered: