FV-SOL-2 Precision Errors

TLDR

Precision errors arise when contracts mishandle decimal scaling or rounding in calculations, leading to inaccurate results

Code

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract VulnerableToken {
    string public name = "VulnerableToken";
    string public symbol = "VUL";
    uint8 public decimals = 18;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 initialSupply) {
        // Initialize total supply without accounting for decimals
        totalSupply = initialSupply;
        balanceOf[msg.sender] = totalSupply;
        emit Transfer(address(0), msg.sender, totalSupply);
    }

    // Mint function vulnerable to incorrect decimal handling
    function mint(uint256 amount) public {
        // Fails to scale by decimals, causing inflated supply
        totalSupply += amount;
        balanceOf[msg.sender] += amount;
        emit Transfer(address(0), msg.sender, amount);
    }
}

Classifications

FV-SOL-2-C1 Token Decimals

FV-SOL-2-C2 Floating Point

FV-SOL-2-C3 Rounding

FV-SOL-2-C4 Division by Zero

FV-SOL-2-C5 Time-Based

Mitigation Patterns

FV-SOL-2-M1 Unit Testing on Edge Cases

Write tests for edge cases, such as small or very large values, fractions close to rounding boundaries, zero values, and more.

Actual Occurrences

Content

PreviousFV-SOL-1-C6 Read-Only NextFV-SOL-2-C1 Token Decimals

Last updated 14 days ago