# Divide before multiply

## Description

- Vulnerability Category:
`Arithmetic`

- Vulnerability Severity:
`Medium`

- Detectors:
`divide-before-multiply`

- Test Cases:
`divide-before-multiply-1`

In Rust, the order of operations can influence the precision of the result, especially in integer arithmetic. Performing a division operation before a multiplication can lead to a loss of precision as division between integers might return zero. This issue can have serious consequences in programs such as smart contracts where numerical precision is critical.

## Exploit Scenario

Consider the following `ink!`

contract:

`#[ink::contract]`

mod divide_before_multiply {

#[ink(storage)]

pub struct FloatingPointAndNumericalPrecision {}

impl FloatingPointAndNumericalPrecision {

/// Creates a new FloatingPointAndNumericalPrecision contract.

#[ink(constructor)]

pub fn new() -> Self {

Self {}

}

/// Calculates the profit for a given percentage of the total profit.

#[ink(message)]

pub fn split_profit(&self, percentage: u64, total_profit: u64) -> u64 {

(percentage / 100) * total_profit

}

}

}

In this contract, the `split_profit`

function divides the `percentage`

by `100`

before multiplying it with `total_profit`

. This could lead to a loss of precision if `percentage`

is less than `100`

as the division would return `0`

. This could lead to incorrect calculations and potential financial loss in a real-world smart contract.

The vulnerable code example can be found `here`

.

## Remediation

Reverse the order of operations to ensure multiplication occurs before division.

`#[ink::contract]`

mod divide_before_multiply {

#[ink(storage)]

pub struct FloatingPointAndNumericalPrecision {}

impl FloatingPointAndNumericalPrecision {

#[ink(constructor)]

pub fn new() -> Self {

Self {}

}

#[ink(message)]

pub fn split_profit(&self, percentage: u64, total_profit: u64) -> u64 {

(percentage * total_profit) / 100

}

}

}

The remediated code example can be found `here`

.