SCWE-124: Inconsistent Rounding Direction in Financial Math
Stable Version v1.0
This content is in version v1.0 and is still under active development, so it is subject to change at any time (e.g., structure, IDs, content, URLs).
Relationships
- CWE-682: Incorrect Calculation
https://cwe.mitre.org/data/definitions/682.html
Description
Using mixed rounding strategies (floor vs. ceil vs. truncation) across mint/burn/withdraw logic causes value drift. Attackers can cycle operations to accumulate dust gains or trigger unfair liquidations due to asymmetry.
Remediation
- Define and document a single rounding direction per invariant (e.g., always round in favor of the protocol or user).
- Centralize math helpers and reuse them across all financial paths.
- Add property-based tests to ensure invariant preservation under rounding.
Examples
Vulnerable
pragma solidity ^0.8.0;
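shares = amount * totalShares / totalAssets; // assets-to-shares: integer division truncates (rounds down)
assets = shares * totalAssets / totalShares + 1; // shares-to-assets: rounds up, and adds 1 even when the division is exact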
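A property-style test of the kind the remediation list calls for, written here as an added Python example (not part of the SCWE entry): it models the two formulas above with integer arithmetic and checks that a deposit-then-redeem round trip never pays out more than was paid in. The function names, the round-down-everywhere choice for the corrected pair, and the randomly generated pool states are assumptions made for illustration.

```python
import random

def mul_div_down(x, y, d):
    # floor(x*y/d): same result as Solidity's unsigned integer division
    return x * y // d

def mul_div_up(x, y, d):
    # ceil(x*y/d): unlike "x*y/d + 1", adds nothing when the division is exact
    return (x * y + d - 1) // d

# Mixed rounding, as in the vulnerable snippet
def vuln_to_shares(amount, total_shares, total_assets):
    return amount * total_shares // total_assets          # truncates

def vuln_to_assets(shares, total_shares, total_assets):
    return shares * total_assets // total_shares + 1      # rounds up

# One direction for both conversions: round down, in favor of the protocol
def safe_to_shares(amount, total_shares, total_assets):
    return mul_div_down(amount, total_shares, total_assets)

def safe_to_assets(shares, total_shares, total_assets):
    return mul_div_down(shares, total_assets, total_shares)

def round_trip_gain(to_shares, to_assets, amount, total_shares, total_assets):
    # Assets received back minus assets paid in for deposit-then-redeem.
    minted = to_shares(amount, total_shares, total_assets)
    returned = to_assets(minted, total_shares + minted, total_assets + amount)
    return returned - amount

def count_violations(to_shares, to_assets, trials=5000, seed=124):
    # Invariant: a round trip must never pay out more than was paid in.
    rng = random.Random(seed)  # constructed pool states, fixed seed
    bad = 0
    for _ in range(trials):
        amount, ts, ta = (rng.randint(1, 1000) for _ in range(3))
        if round_trip_gain(to_shares, to_assets, amount, ts, ta) > 0:
            bad += 1
    return bad

if __name__ == "__main__":
    print("mixed rounding:", count_violations(vuln_to_shares, vuln_to_assets))
    print("single direction:", count_violations(safe_to_shares, safe_to_assets))
```

`mul_div_up` is the helper to use on paths that must round up; it is included to contrast with the `+ 1` form, which overshoots on exact divisions.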