
Rounding issues.

Rounding issue here, rounding issue there, complex arithmetic operations, non-complex arithmetic operations …

Arithmetic operations are present in most codebases and, as we all know, Solidity's integer division naturally rounds down. This vulnerability type gets exploited over and over again.


But what’s the best approach to tackle this?

Well, first of all, it’s important to understand what the arithmetic operation does. I guess everyone is capable of handling this.

Secondly, we need to identify when exactly a specific operation is applied. The most common examples are share calculations, burning, minting ... you name it.

So, once we have identified this, we need to ensure that these operations always happen AGAINST THE FAVOR OF THE USER.


What does that mean?

It’s as simple as rounding down when minting shares to users and rounding up when burning shares from users. This is the single most important rule.

And once we have ensured that, we should check for any possible edge cases: scenarios that no one thinks about and that can have undesired side effects …
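The rule above in a minimal share-accounting contract, as an added example that is not part of the original post. The contract name `RoundingVault`, its functions and the `accrue` yield stand-in are hypothetical, and token transfers are omitted so only the rounding logic is visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical accounting-only vault (assumption: no real token is moved).
contract RoundingVault {
    uint256 public totalAssets;
    uint256 public totalShares;
    mapping(address => uint256) public sharesOf;

    // floor(a * b / d): Solidity's `/` truncates toward zero.
    function mulDivDown(uint256 a, uint256 b, uint256 d) internal pure returns (uint256) {
        return (a * b) / d;
    }

    // ceil(a * b / d): add one whenever the division leaves a remainder.
    function mulDivUp(uint256 a, uint256 b, uint256 d) internal pure returns (uint256) {
        uint256 p = a * b;
        uint256 q = p / d;
        return p % d == 0 ? q : q + 1;
    }

    // Stand-in for yield: makes one share worth more than one asset,
    // which is when the rounding direction starts to matter.
    function accrue(uint256 assets) external {
        totalAssets += assets;
    }

    // Minting: the user receives shares, so round DOWN.
    function deposit(uint256 assets) external returns (uint256 shares) {
        shares = totalShares == 0 ? assets : mulDivDown(assets, totalShares, totalAssets);
        require(shares > 0, "zero shares"); // edge case: deposit rounds to nothing
        totalAssets += assets;
        totalShares += shares;
        sharesOf[msg.sender] += shares;
    }

    // Burning for an exact asset amount: the user pays shares, so round UP.
    // With mulDivDown here, an amount that rounds to 0 shares would reduce
    // totalAssets while burning nothing, at the other holders' expense.
    function withdraw(uint256 assets) external returns (uint256 shares) {
        shares = mulDivUp(assets, totalShares, totalAssets);
        sharesOf[msg.sender] -= shares; // reverts on underflow (0.8 checked math)
        totalShares -= shares;
        totalAssets -= assets;
    }
}
```

With 10 shares backing 15 assets, withdrawing 1 asset burns `ceil(10/15) = 1` share here, whereas a floor would burn 0.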

TLDR: Pay the utmost attention to any arithmetic operation in your codebase.