This repository has been archived by the owner on Jun 2, 2024. It is now read-only.
0xHelium - getClaimableCyclesAndAmounts() getter function will return wrong ClaimableCyclesAndAmounts[] because of rounding issues #53
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
Has Duplicates
This was referenced Dec 2, 2023
Closed
|
Based on impact and example provided, hard to assign all of the mentioned instances and its duplicates anything other than Low severity/Invalid given the extremely small loss of precision based on examples provided |
sherlock-admin
changed the title
sherlock-admin
added
Non-Reward
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
0xHelium
high
getClaimableCyclesAndAmounts() getter function will return wrong ClaimableCyclesAndAmounts[] because of rounding issues
Summary
getClaimableCyclesAndAmounts() function is used to get an array of token and reward associated to the Staking position sorted by cycleId. However this function will return wrong values in certain cases causing a difference between real rewards and what is actually returned.
Vulnerability Detail
getClaimableCyclesAndAmounts() function will cause a loss of precision when calculating the cvgAmount. This code is where the issue happens.
For example:
Impact
Function will return a value different than the real value.
Code Snippet
https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Staking/StakeDAO/SdtStakingPositionService.sol#L1027
Tool used
Manual Review,
VsCode
Recommendation
Use a multiplier for making operations that can lead to rounding down issues
The text was updated successfully, but these errors were encountered: