Precision Errors
Detects precision loss and rounding errors in DeFi financial calculations.
Overview
The precision errors detector identifies dangerous arithmetic patterns in DeFi calculations including division before multiplication (causes precision loss), missing decimal scaling in token conversions, integer division where decimals are needed, truncation in price calculations, and accumulation of rounding errors in loops.
For remediation guidance, see Precision Errors Remediation.
Why This Is an Issue
Precision errors in financial calculations have caused millions in losses across DeFi protocols. Division before multiplication truncates intermediate results, losing precision that cannot be recovered. When calculating token exchange rates, share prices, or fee distributions, even small rounding errors can be exploited at scale — an attacker performing thousands of transactions can accumulate meaningful value from truncation artifacts.
How to Resolve
Before (Vulnerable)
// Vulnerable: division before multiplication loses precision
pub fn calculate_output(amount: u64, price: u64, decimals: u64) -> u64 {
    let rate = price / decimals; // Truncation here
    amount * rate // Lost precision propagates
}
After (Fixed)
// Fixed: multiply first, then divide
pub fn calculate_output(amount: u64, price: u64, decimals: u64) -> u64 {
    amount
        .checked_mul(price)
        .unwrap() // panics on u64 overflow instead of wrapping
        .checked_div(decimals)
        .unwrap() // panics if decimals == 0
}
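The same comparison as a runnable Rust sketch, added here and not part of the detector's or the project's code: it contrasts the divide-first pattern with a multiply-first helper that widens to u128 (a choice beyond the page's fix, which panics on u64 overflow), and compares rounding per item inside a loop with rounding once. All function names and input values are constructed for illustration.

```rust
use std::convert::TryFrom;

// Added example; function names and sample values are hypothetical/constructed.

/// The flagged pattern: divide first, so `price / scale` truncates before use.
pub fn div_first(amount: u64, price: u64, scale: u64) -> Option<u64> {
    amount.checked_mul(price.checked_div(scale)?)
}

/// floor(amount * price / scale) with a u128 intermediate: the product of two
/// u64 values always fits, so only a zero scale or an oversized result fails.
pub fn mul_div_floor(amount: u64, price: u64, scale: u64) -> Option<u64> {
    if scale == 0 {
        return None;
    }
    let wide = (amount as u128) * (price as u128);
    u64::try_from(wide / scale as u128).ok()
}

/// Rounds inside the loop: each item loses up to one unit to truncation.
pub fn sum_per_item(amounts: &[u64], price: u64, scale: u64) -> Option<u64> {
    amounts.iter().try_fold(0u64, |acc, &a| {
        mul_div_floor(a, price, scale).and_then(|v| acc.checked_add(v))
    })
}

/// Rounds once: accumulate exact wide products, divide at the end.
pub fn sum_then_divide(amounts: &[u64], price: u64, scale: u64) -> Option<u64> {
    if scale == 0 {
        return None;
    }
    let total = amounts.iter().try_fold(0u128, |acc, &a| {
        acc.checked_add((a as u128) * (price as u128))
    })?;
    u64::try_from(total / scale as u128).ok()
}

fn main() {
    // Constructed inputs: price 1.999999 expressed at a 10^6 scale.
    let (price, scale) = (1_999_999u64, 1_000_000u64);
    let amounts = vec![3u64; 1000];
    println!("divide first:   {:?}", div_first(1_000_000, price, scale));
    println!("multiply first: {:?}", mul_div_floor(1_000_000, price, scale));
    println!("round per item: {:?}", sum_per_item(&amounts, price, scale));
    println!("round once:     {:?}", sum_then_divide(&amounts, price, scale));
}
```

With these inputs the divide-first result is roughly half the multiply-first result, and the per-item loop total falls short of the round-once total by almost one unit per item.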
Example JSON Finding
{
  "detector": "precision-errors",
  "severity": "high",
  "confidence": 0.7,
  "message": "Division before multiplication in financial calculation causes precision loss",
  "location": { "function": "calculate_output", "block": 0, "statement": 1 }
}
Detection Methodology
- Division-before-multiplication pattern: Identifies division operations whose results feed into multiplication.
- Decimal scaling analysis: Checks for proper decimal adjustment in token amount conversions.
- Loop accumulation detection: Flags repeated rounding operations inside loops where errors compound.
- Overflow risk assessment: Identifies large multiplications that could overflow u64.
Limitations
- False positives: Intentional integer division for fee rounding may be flagged.
- False negatives: Precision issues in complex multi-step calculations spanning multiple functions may not be fully traced.
Related Detectors
- Oracle Data Freshness — stale prices feeding into calculations
- Wrapped Token Parity — token supply invariant violations