Assessment reportsPublic findings
Back to Zellic site
Assessment reports>DojoSwap>Informational findings>Possible overflow in calculations
GeneralOverview
Findings
Critical (1)
High (1)
Low (3)
Informational (3)Possible overflow in calculationsCommission-amount attribute is incorrectLaunchpad's migrate sets the contract to the current version and not the target version
DiscussionComposability
Threat ModelCrate: dojoswap_stakingCrate: launchpadCrate: dojoswap_pair
Audit ResultsAssessment Results
Category: Coding Mistakes

Possible overflow in calculations

Informational Severity
Informational Impact
N/A Likelihood

Description

There is a possible overflow in this calculation:

let pending_reward = (staker_info.bond_amount * state.global_reward_index).checked_sub(staker_info.bond_amount * staker_info.reward_index)?;

Impact

Calculations could be inaccurate and result in a loss of rewards.

Recommendations

Adjust the calculation to the equivalent one below:

let pending_reward = staker_info.bond_amount * state.global_reward_index.checked_sub(staker_info.reward_index)?;

Remediation

This issue has been acknowledged by Dojoswap Labs, PTE, and a fix was implemented in commit ce55f60d.

Zellic © 2024Back to top ↑