'%3e%3cpath%20d='M12.4997%201.33325C10.39%201.33325%208.32772%201.95884%206.5736%203.13091C4.81947%204.30298%203.4523%205.96888%202.64496%207.91796C1.83763%209.86704%201.62639%2012.0118%202.03797%2014.0809C2.44955%2016.15%203.46545%2018.0506%204.95721%2019.5424C6.44897%2021.0342%208.34959%2022.0501%2010.4187%2022.4616C12.4878%2022.8732%2014.6326%2022.662%2016.5816%2021.8546C18.5307%2021.0473%2020.1966%2019.6801%2021.3687%2017.926C22.5408%2016.1719%2023.1663%2014.1096%2023.1663%2011.9999C23.1663%209.17094%2022.0425%206.45783%2020.0422%204.45745C18.0418%202.45706%2015.3287%201.33325%2012.4997%201.33325ZM12.4997%2021.3333C10.6537%2021.3333%208.84922%2020.7859%207.31436%2019.7603C5.7795%2018.7347%204.58322%2017.2771%203.8768%2015.5716C3.17039%2013.8662%202.98555%2011.9896%203.34568%2010.1791C3.70581%208.36859%204.59473%206.70554%205.90002%205.40025C7.20531%204.09496%208.86835%203.20605%2010.6788%202.84592C12.4893%202.48579%2014.3659%202.67063%2016.0714%203.37704C17.7768%204.08346%2019.2345%205.27974%2020.2601%206.8146C21.2856%208.34945%2021.833%2010.154%2021.833%2011.9999C21.833%2014.4753%2020.8497%2016.8492%2019.0993%2018.5996C17.349%2020.3499%2014.975%2021.3333%2012.4997%2021.3333Z'%20fill='white'/%3e%3cpath%20d='M19.167%208.06667C19.042%207.9425%2018.8731%207.8728%2018.697%207.8728C18.5208%207.8728%2018.3519%207.9425%2018.227%208.06667L10.8269%2015.4333L6.82695%2011.4333C6.70495%2011.3016%206.53562%2011.2237%206.35621%2011.2169C6.1768%2011.21%206.00201%2011.2747%205.87028%2011.3967C5.73856%2011.5187%205.66069%2011.688%205.65382%2011.8674C5.64694%2012.0468%205.71162%2012.2216%205.83362%2012.3533L10.8269%2017.3333L19.167%209.01333C19.2294%208.95136%2019.279%208.87762%2019.3129%208.79638C19.3467%208.71514%2019.3642%208.62801%2019.3642%208.54C19.3642%208.45199%2019.3467%208.36485%2019.3129%208.28361C19.279%208.20237%2019.2294%208.12864%2019.167%208.06667Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2790_31187'%3e%3crect%20width='24'%20height='24'%20fill='white'%20transform='translate(0.5)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
DexLyn Disclosed Report
Audit report DexLyn Tokenomics Smart Contract Audit Contest Permanent value loss when splitting a veNFT (silent deflation)
Target
https://github.com/hackenproof-public/tokenomics_contract
Vulnerability Details
yo;
what the code actually does
1) split pre‑decrements global supply by the full original lock
in split, after loading value = locked.amount, the contract executes:
(https://github.com/hackenproof-public/tokenomics_contract/blob/main/sources/voting_escrow.move#L647)
// reset supply, deposit_for_internal increase it
voting_escrow.supply = voting_escrow.supply - value;
this reduces the global “locked DXLYN” counter by the entire old position before new children are created
2) per‑child amounts are floored (u64 integer division)
- for each weight in
split_weights, the child’s amount is computed as:
(https://github.com/hackenproof-public/tokenomics_contract/blob/main/sources/voting_escrow.move#L669)
_value_internal = value * weight / total_weight;
this is integer division -> floors each piece
3) supply is re‑incremented child‑by‑child by that floored amount
inside deposit_for_internal:
let supply_before = voting_escrow.supply;
voting_escrow.supply = supply_before + value; // value is _value_internal for splits
...
table::upsert(&mut voting_escrow.locked, token, locked); // writes floored amount
check_point_internal(...); // updates bias/slope using the floored new amount
there’s no final reconciliation of the missing remainder after the loop
4) tokens backing a lock actually move only on deposit/withdraw (not on split)
during a split, deposit_for_internal skips token transfers when type == SPLIT_TYPE:
if (value > 0 && type != MERGE_TYPE && type != SPLIT_TYPE) {
... transfer from user ...
}
so on splits, only accounting changes (supply & locked.amount), not balances, the “stranded remainder” stays inside the VotingEscrow object account and is not associated to any token anymore, so the user cannot withdraw it later
5) withdraw returns exactly the recorded locked.amount
withdraw moves out value = locked.amount and then burns the NFT, if split floor rounding made the new locks sum to less than the original, the difference is unrecoverable by the user
6) global voting power is tracked via check_point_internal
voting power (bias/slope) is recomputed from the new floored amounts, because each child uses the floored value, the sum of slopes/bias after the split is strictly less than before when any remainder exists, that propagates into total_supply(...) via point history
7)
splitis an entry function, anyveNFTholder can call it; there is no admin gate only a check that the token isn’t voted at that moment
impact:
1) funds loss for the caller (unrecoverable “stranded” tokens)
because withdraw sends exactly locked.amount, any remainder shaved by split rounding is not withdrawable afterwards (no code path re‑credits it)
2) system‑wide governance & emissions distortion
-
point history / slopes:
check_point_internalcalculatesu_newfrom the floored amounts and updates per‑epoch slope changes; the aggregate bias/slope that feedtotal_supply(t)become smaller than before for the same time horizon -
global “supply” metric:
VotingEscrow.supplyis lowered by the remainder and persists, (you can observe supply vs. actualprimary_fungible_store::balancevia the test helperget_voting_escrow_state, which returns both numbers) -
downstream modules (voting, bribes, fee/emission distribution) typically rely on ve bias/slope and per‑token balance_of/total_supply(t); those are also deflated after split because the new children are recorded with less (or even zero) amount.
3) DoS‑like / griefing externalities
if emissions or incentive weights are calibrated to ve totals, attackers can artificially shrink the reference totals (even to near‑zero), skewing per‑unit rates and analytics—even if they don’t profit directly,
exploit:
tx:
1) minimal dust case (lose 1):
create_lock(user, 100, T_end)-> receive NFT A (amount=100)split(user, A, [1,2])- Pre‑decrement:
supply -= 100 Children: B=33, C=66 (floors)- re‑increment:
supply += 33, then supply += 66 -> net -1 - withdraw later: B gives 33, C gives 66; the remaining 1 is gone from accounting forever
2) catastrophic case (lose all):
create_lock(user, 100, T_end) -> NFT Asplit(user, A, [1,1,1,...] 101 times)- each child gets
floor(100/101) = 0 - net supply drop:
-100(all “lost”) after the loop - withdraw later: all children withdraw 0. Funds are stranded
Validation steps
poc:
1) worst‑case one‑shot full burn (100% of lock “lost”)
this is more severe than dust: because child amounts use floor(value * weight / total_weight), if you choose many small weights such that total_weight > value, then each value * weight / total_weight can be 0, causing all children to receive 0 and the entire original value to disappear from recorded locks
example: value = 100, choose split_weights as 101 entries of 1 each
total_weight = 101- for every child:
floor(100 * 1 / 101) = 0 - sum of
children = 0 - supply change: pre‑decrement -100, re‑increment +0 -> -100
- result: original NFT is burned; 101 new NFTs with 0 amount are minted; user’s withdrawable DXLYN from this lock becomes 0; the 100 tokens are stranded in the escrow account balance with no function to recover them (no “sweep”/reconcile)
- code sites: weight loop and floor calculation in split , supply math in
split+deposit_for_internal, withdraw semantics
Attachments
hidden 
Comments on this report are hidden 
Details 
Participants (4) 
