Min-Shares: Fixed Minimum Share Values for Tokens with Low Decimal Precision

Many contracts use a fixed minimum share value to determine the minimum amount of tokens required to participate in a contract or perform an action like deposits or withdrawals. However, tokens can have varying levels of decimal precision (the number of decimal places that a token supports). For example:

• Some tokens may have 18 decimals (common for most ERC-20 tokens).

• Others, like wrapped Bitcoin (WBTC), may have only 8 decimals.

When a contract has a fixed minimum share value and is dealing with a token that has low decimal precision but high value, the resulting calculation can cause issues. The fixed minimum value may end up representing a very large monetary value, making it impractical for users to participate, or worse, locking a significant amount of tokens in the contract.

Example of the Vulnerability:

Consider a contract that sets a fixed value for the minimum shares required to participate in an action (like making a deposit). In this example, the contract has a value:

uint256 constant MIN_NONZERO_TOTAL_SHARES = 1e9;

If the contract uses this fixed value and is dealing with a token that has low decimal precision and a high value, such as WBTC (which has 8 decimal places), this results in a high threshold for participation. Let’s break it down:

• WBTC has 8 decimals and each WBTC is worth around $29,000.

• The fixed minimum share value is 1e9.

This means that the minimum threshold to participate would require a deposit equivalent to 290,640 WBTC—an enormous value in dollar terms, which is unrealistic for most users.

Similarly, if a user wants to withdraw tokens but the remaining token balance is less than this threshold, the contract might lock up a significant amount of tokens, preventing users from accessing their funds.

---

Impact: How This Affects Users and the System

1. High Participation Threshold: Users are deterred from participating in the contract because the minimum required token amount is too high. In our example, users would need to deposit a massive amount of WBTC to meet the threshold, discouraging usage.

2. Locked Funds: In some scenarios, if users try to withdraw tokens and the amount falls below the fixed minimum share, those tokens can be effectively "stuck" in the contract. For example, if 1 WBTC is left in the contract and the minimum is set to 1e9, that WBTC might never be withdrawable, resulting in a financial loss.

3. Mismanagement of Token Precision: Tokens with different decimal precision require different handling. A one-size-fits-all approach to minimum shares is inappropriate for systems handling multiple tokens with varying decimal places.

---

Conclusion

When developing smart contracts that involve handling different tokens, especially those with varying decimal precision, it's essential to ensure that the minimum shares or participation thresholds are adaptable to the specific characteristics of each token. A fixed minimum share value, like 1e9, might work for high-precision tokens but can create significant issues for tokens with lower decimal precision and high value.

By introducing flexible mechanisms for setting minimum shares and adjusting them based on token precision, you can ensure that users can participate without unnecessary barriers and prevent any significant amounts of tokens from becoming locked in the contract.

To address this issue, developers need to ensure that the minimum shares value is flexible and adapts to the decimal precision of the tokens being used. There are several ways to mitigate this issue effectively.

1. Use Immutable, Adjustable Minimum Shares

Instead of setting a fixed constant for the minimum shares value, the contract should use an immutable value that can be adjusted based on the token’s decimal precision. For example: