Assessment reportsPublic findings
Back to Zellic site
Assessment reports>SAX>Discussion>Token share rounding errors
GeneralOverview
Findings
High (1)
Medium (1)
Informational (1)
DiscussionUnused and redundant fields of structures Checks-effects-interactions patternRedundant if conditions in `getSellPrice` functionCentralization riskInitial mint sellableToken creator can set viralityIncomplete test coverageToken share rounding errors
Threat ModelWhat are threat models?BondingViralityController.solMerkleTokenShare.sol
Audit ResultsSummary

Claimed token shares might not sum up to total amount

When claiming tokens, the amount transferred could have been rounded down:

function claimTokens(
    bytes32[] calldata proof,
    uint256 epoch,
    uint256 index,
    uint256 tokenIdx,
    uint16 shareBbps
) public {
    // ...
    uint256 amount = share.amounts[tokenIdx] * shareBbps / BPS_MAX; // Rounding down can happen at this division
    IERC20(token).safeTransfer(recipient, amount);
    // ...
}

If this happens, then some amount of the token will be left behind in the contract after all shares have been claimed, even if the shareBbps for all shares add up to BPS_MAX.

There is also no check that the shareBbps for all shares add up to BPS_MAX, so this is something the owner has to ensure when constructing a call to updateViralityScores. Note that this could be used to recover stuck tokens due to rounding as mentioned above, by adding an extra share amounting to the stuck tokens. If the sum of shareBbps for all shares add up to more than BPS_MAX and the contract has an insufficient balance to cover all claims, the call to claimTokens will revert when the remaining balance is insufficient for the claim.

In commit , claimTokens was converted to operate with absolute share amounts rather than ratios in basis points, thereby avoiding the rounding issue.

Zellic © 2024Back to top ↑