
SC07 Arithmetic Errors

>Control Description

Arithmetic errors encompass situations where smart contracts perform integer-based calculations that produce incorrect or exploitable results because of rounding, truncation, scaling, or unit conversion. The vulnerability applies to every contract type that computes numeric values, including DeFi protocols (share minting/burning, LP tokens, interest accrual, swap outputs, AMM invariant updates), yield vaults and ERC-4626 implementations, rebasing tokens, reward distribution, and NFT/token economics.

**Key Focus Areas:**

- Share and LP token calculations (deposit/withdraw formulas, rounding direction)
- Interest and reward accrual (compounding, time-weighted averages)
- Swap and AMM math (constant product, concentrated liquidity, output calculations)
- Fixed-point and scaling (1e18, 1e8 conventions, cross-token conversions)
- Rebasing and proportional distribution (per-user vs. global accounting)

**Exploitation Methods:**

- Rounding bias: exploiting rounding that favors the depositor or the protocol under adversarial sequences
- Repeated small gains via flash loans or high-frequency interactions
- Edge cases: zero total supply, first depositor, extreme ratios where formulas break down
- Precision loss accumulation: multi-step computations where imprecision compounds
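The fixed-point scaling and proportional-distribution focus areas above combine in the common reward-per-token accumulator: a global `reward_per_token` counter plus a per-user snapshot. The following is an added example, not code from this page or from any protocol it names. It models that pattern with Python integers (EVM division floors, as Python's `//` does for non-negative operands), with a hypothetical `scaled` knob that either keeps the accumulator in 1e18 fixed point or stores it unscaled; the stakes, reward amount and user names are constructed for the demonstration.

```python
WAD = 10**18  # the usual 1e18 fixed-point scale


class RewardPool:
    """Global accumulator (reward_per_token) plus a per-user snapshot.

    `scaled` is a hypothetical knob: True keeps the accumulator in 1e18
    fixed point; False stores it unscaled, the bug this example isolates."""

    def __init__(self, scaled: bool):
        self.scale = WAD if scaled else 1
        self.reward_per_token = 0   # global: cumulative reward per staked wei
        self.total_staked = 0
        self.staked = {}            # per-user stake
        self.snapshot = {}          # reward_per_token when the user last settled
        self.owed = {}              # per-user rewards settled but not claimed
        self.notified = 0           # total reward ever handed to the pool

    def _settle(self, user: str) -> None:
        """Move the user's share of rewards since their snapshot into owed."""
        delta = self.reward_per_token - self.snapshot.get(user, 0)
        earned = self.staked.get(user, 0) * delta // self.scale
        self.owed[user] = self.owed.get(user, 0) + earned
        self.snapshot[user] = self.reward_per_token

    def stake(self, user: str, amount: int) -> None:
        self._settle(user)
        self.staked[user] = self.staked.get(user, 0) + amount
        self.total_staked += amount

    def notify_reward(self, amount: int) -> None:
        """Distribute `amount` pro rata to everyone currently staked."""
        self.notified += amount
        if self.total_staked:
            # Unscaled, amount // total_staked is 0 whenever the reward is
            # smaller than the total stake, and the whole reward is stranded.
            self.reward_per_token += amount * self.scale // self.total_staked

    def claim(self, user: str) -> int:
        self._settle(user)
        paid, self.owed[user] = self.owed.get(user, 0), 0
        return paid


def distribute(scaled: bool) -> tuple:
    """Constructed scenario: 1,000,000 and 2,000,000 tokens staked (18
    decimals), then 1,000 tokens of reward. Returns (claimed, stranded)."""
    pool = RewardPool(scaled)
    pool.stake("alice", 1_000_000 * WAD)
    pool.stake("bob", 2_000_000 * WAD)
    pool.notify_reward(1_000 * WAD)
    claimed = pool.claim("alice") + pool.claim("bob")
    # Conservation invariant: the pool can never pay out more than it received.
    assert claimed <= pool.notified
    return claimed, pool.notified - claimed
```

Unscaled, the accumulator increment `1_000 * WAD // 3_000_000 * WAD` truncates to zero and the entire reward is stranded in the contract. Scaled, the two stakers receive their pro-rata share and only 1,000,000 wei of dust is left behind; that dust is the rounding loss the page asks you to document, and a sweep function or a rounding-aware invariant test should account for it.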

>Prevention & Mitigation Strategies

  1. Use safe math patterns. Solidity 0.8+ reverts on overflow and underflow, but integer division still truncates toward zero, so the surrounding logic remains critical.
  2. Clearly document and test the rounding strategy, deciding whether each conversion rounds in favor of the protocol or the user.
  3. Prove that repeated interactions (deposit/withdraw or mint/redeem round trips) cannot create exploitable value.
  4. Rely on well-reviewed math libraries for complex operations (fixed-point math, high-precision exponentiation and logarithms).
  5. Incorporate invariant checks (e.g., totalAssets vs. the sum of user balances, share/value consistency).
  6. Use fuzz testing and differential testing against exact arithmetic to discover edge cases around small and large values and repeated operations.
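The rounding-direction rule (item 2), the no-free-value property (item 3), the invariant check (item 5) and the differential fuzzing (item 6) can all be exercised against the same share-math model. The following is an added example, not code from this page or from any protocol it names: an ERC-4626-style vault modelled with Python integers, whose floor division matches EVM uint256 division for non-negative operands. The `protocol_favoured` knob, the `virtual_shares` parameter (modelled on the OpenZeppelin-style virtual-offset defence), and every amount and user name are constructed for the demonstration; the three functions at the end reproduce, respectively, the repeated-withdrawal grind, a differential fuzz of the withdraw rounding against exact rational arithmetic, and the first-depositor (zero-total-supply) edge case.

```python
import random
from dataclasses import dataclass, field
from fractions import Fraction


def mul_div_down(a: int, b: int, d: int) -> int:
    """floor(a * b / d), Solidity's default integer division."""
    return a * b // d


def mul_div_up(a: int, b: int, d: int) -> int:
    """ceil(a * b / d), used where rounding must go against the caller."""
    return -(-(a * b) // d)


@dataclass
class Vault:
    total_assets: int = 0
    total_shares: int = 0
    # Hypothetical knob. True: conversions round against the caller, as
    # ERC-4626 recommends. False: withdraw() rounds the shares it burns
    # *down*, a bug that favours the withdrawer.
    protocol_favoured: bool = True
    # Virtual shares (plus one virtual asset): the OpenZeppelin-style
    # defence against first-depositor inflation. 0 disables it.
    virtual_shares: int = 0
    balances: dict = field(default_factory=dict)

    def _to_shares(self, assets: int, round_up: bool) -> int:
        num = self.total_shares + self.virtual_shares
        den = self.total_assets + (1 if self.virtual_shares else 0)
        if den == 0:  # empty vault: the zero-total-supply special case, 1:1
            return assets
        return (mul_div_up if round_up else mul_div_down)(assets, num, den)

    def _to_assets(self, shares: int) -> int:
        num = self.total_assets + (1 if self.virtual_shares else 0)
        den = self.total_shares + self.virtual_shares
        return shares if den == 0 else mul_div_down(shares, num, den)

    def deposit(self, user: str, assets: int) -> int:
        shares = self._to_shares(assets, round_up=False)  # mint rounds down
        self.total_assets += assets
        self.total_shares += shares
        self.balances[user] = self.balances.get(user, 0) + shares
        return shares

    def withdraw(self, user: str, assets: int) -> int:
        shares = self._to_shares(assets, round_up=self.protocol_favoured)
        if shares > self.balances.get(user, 0) or assets > self.total_assets:
            raise ValueError("insufficient shares or liquidity")
        self.total_assets -= assets
        self.total_shares -= shares
        self.balances[user] -= shares
        return shares

    def redeem(self, user: str, shares: int) -> int:
        assets = self._to_assets(shares)  # redeem rounds assets down
        self.balances[user] -= shares
        self.total_shares -= shares
        self.total_assets -= assets
        return assets

    def donate(self, assets: int) -> None:
        """Tokens sent straight to the vault: assets rise, no shares minted."""
        self.total_assets += assets


def grind_rounding(protocol_favoured: bool) -> int:
    """Attacker's net gain from withdrawing 1 wei at a time.

    Constructed state: 1000 assets back 300 shares, so 1 wei is worth 0.3
    share; rounding that down burns no shares at all per withdrawal."""
    v = Vault(protocol_favoured=protocol_favoured)
    v.deposit("lp", 300)
    v.donate(700)                  # accrued yield: 1000 assets / 300 shares
    v.deposit("attacker", 500)     # 500 * 300 // 1000 = 150 shares
    received = 0
    for _ in range(1000):
        try:
            v.withdraw("attacker", 1)
        except ValueError:         # out of shares: honest rounding charged us
            break
        received += 1
    received += v.redeem("attacker", v.balances["attacker"])
    return received - 500


def withdraw_rounding_violations(protocol_favoured: bool, trials: int = 2000,
                                 seed: int = 7) -> int:
    """Differential fuzz: the shares burned by withdraw(x) must be worth at
    least x in exact rational arithmetic. Returns the number of violations."""
    rng, bad = random.Random(seed), 0
    for _ in range(trials):
        v = Vault(rng.randint(1, 10**24), rng.randint(1, 10**24),
                  protocol_favoured=protocol_favoured)
        x = rng.randint(1, v.total_assets)
        burned = v._to_shares(x, round_up=protocol_favoured)
        if Fraction(burned * v.total_assets, v.total_shares) < x:
            bad += 1
    return bad


def first_depositor_attack(virtual_shares: int) -> tuple:
    """(victim_shares, attacker_profit) for the classic inflation sequence:
    deposit 1 wei, donate 1e18 to inflate the price, victim deposits 1e18."""
    v = Vault(virtual_shares=virtual_shares)
    v.deposit("attacker", 1)
    v.donate(10**18)
    victim_shares = v.deposit("victim", 10**18)
    attacker_out = v.redeem("attacker", v.balances["attacker"])
    return victim_shares, attacker_out - (10**18 + 1)
```

With the buggy rounding, `grind_rounding(False)` shows the attacker leaving with 666 wei more than deposited after a thousand 1-wei withdrawals that burned nothing, while the honest rounding charges a whole share per wei and the grind loses money. The fuzz reports a violation on essentially every random state for the buggy rounding and none for the correct one, which is the proof item 3 asks for, stated as a property rather than a proof by inspection. Without virtual shares the first-depositor sequence leaves the victim with zero shares and hands the attacker the victim's whole deposit; with a virtual offset the victim receives shares and the attacker's donation is a loss.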

>Attack Scenarios

#1 zkLend (February 2025, $9.5M loss)

A rounding error in the mint() function (integer division rounding down) caused a mismatch between recorded and actual values. A withdrawal that rounded 1.5 tokens down to 1.0 enabled attackers to artificially inflate the lending_accumulator through repeated deposit/withdrawal cycles, draining approximately $9.5M.

#2 Bunni (September 2025, $8.4M loss)

Precision bugs in the withdrawal function's rounding logic allowed attackers to decrease the USDC balance by 85.7% while burning only 84.4% of the liquidity. Repeating the operation turned rounding the code assumed to be safe into disproportionate value extraction.
