Merge pull request #81 from aguilar1x/fix/safe-arithmetic-fee-share

fix: safe arithmetic fee share

Author: armandocodecr

contracts/escrow/src/core/dispute.rs

@@ -75,8 +75,11 @@ impl DisputeManager {
         }
         for (addr, amount) in distributions.iter() {
             if amount > 0 {
-                let fee_share = (amount * total_fees) / total;
-                let net_amount = amount - fee_share;
+                let fee_share = BasicMath::safe_div(
+                    BasicMath::safe_mul(amount, total_fees)?,
+                    total,
+                )?;
+                let net_amount = BasicMath::safe_sub(amount, fee_share)?;
                 if net_amount > 0 {
                     token_client.transfer(&contract_address, &addr, &net_amount);
                 }
@@ -148,8 +151,11 @@ impl DisputeManager {
             if amount <= 0 {
                 continue;
             }
-            let fee_share = (amount * total_fees) / total;
-            let net_amount = amount - fee_share;
+            let fee_share = BasicMath::safe_div(
+                BasicMath::safe_mul(amount, total_fees)?,
+                total,
+            )?;
+            let net_amount = BasicMath::safe_sub(amount, fee_share)?;
             if net_amount > 0 {
                 token_client.transfer(&contract_address, &addr, &net_amount);
             }

contracts/escrow/src/modules/math/basic.rs

@@ -5,6 +5,8 @@ pub struct BasicMath;
 pub trait BasicArithmetic {
     fn safe_add(a: i128, b: i128) -> Result<i128, ContractError>;
     fn safe_sub(a: i128, b: i128) -> Result<i128, ContractError>;
+    fn safe_mul(a: i128, b: i128) -> Result<i128, ContractError>;
+    fn safe_div(a: i128, b: i128) -> Result<i128, ContractError>;
 }
 
 impl BasicArithmetic for BasicMath {
@@ -15,4 +17,15 @@ impl BasicArithmetic for BasicMath {
     fn safe_sub(a: i128, b: i128) -> Result<i128, ContractError> {
         a.checked_sub(b).ok_or(ContractError::Underflow)
     }
+
+    fn safe_mul(a: i128, b: i128) -> Result<i128, ContractError> {
+        a.checked_mul(b).ok_or(ContractError::Overflow)
+    }
+
+    fn safe_div(a: i128, b: i128) -> Result<i128, ContractError> {
+        if b == 0 {
+            return Err(ContractError::DivisionError);
+        }
+        a.checked_div(b).ok_or(ContractError::Overflow)
+    }
 }