This repository has been archived by the owner on Dec 17, 2023. It is now read-only.
Saeedalipoor01988 - Calculating Protocol Fee is susceptible to precision loss due to division before multiplication #142
Labels
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
Medium
sherlock-admin
added
Non-Reward
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Saeedalipoor01988
medium
Calculating Protocol Fee is susceptible to precision loss due to division before multiplication
Summary
Protocol Fee may be lost (0) due to division before multiplication precision issues.
Vulnerability Detail
The StreamingFeeModule.sol.accrueFee function calculates the Protocol Fee by first dividing ( fee * totalSupply ) by ScaleFactor : (10e18) - fee to earn _feeQuantity and then multiplying _feeQuantity by protocolFee. If fee * totalSupply is small enough and ScaleFactor (10e18) - fee is large enough, the division may result in a value of 0, resulting in the Protocol Fee becoming 0.
Impact
protocol Fee Recipient may not receive fee due to precision loss.
Code Snippet
https://github.com/sherlock-audit/2023-05-Index/blob/3190057afd3085143a31746d65045a0d1bacc78c/index-protocol/contracts/protocol/modules/v1/StreamingFeeModule.sol#L94
https://github.com/sherlock-audit/2023-05-Index/blob/3190057afd3085143a31746d65045a0d1bacc78c/index-protocol/contracts/protocol/modules/v1/StreamingFeeModule.sol#L224
https://github.com/sherlock-audit/2023-05-Index/blob/3190057afd3085143a31746d65045a0d1bacc78c/index-protocol/contracts/protocol/modules/v1/StreamingFeeModule.sol#L256
Tool used
Manual Review
Recommendation
recommend avoid division before multiplication and always perform division operation at last.
Duplicate of #299
The text was updated successfully, but these errors were encountered: