Solidity Attack Vector #16: Rounding Down to Zero
SecurityInfinity Research
Solidity does not support floating point numbers. All division is integer division: the fractional part of the result is discarded, so it rounds down.
Exploit
If a calculation results in a value less than 1, it becomes 0. Attackers craft small transactions where the 'fee' or 'tax' rounds down to zero, repeatedly calling these functions to drain pools.
Defense
- Multiplication before Division: Always multiply first to preserve precision.
- Internal Scaling: Use high precision (18 decimals) for all internal math.
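
The fee calculation described above, written divide-first and then multiply-first, as an added example that is not code from the original article. The contract name, function names and the 30 basis point rate are assumptions; the round-up and revert variants go beyond the two defenses listed and cover the case multiply-first alone still leaves open.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustration only: names and the fee rate are assumed, not taken from any real protocol.
contract FeeRounding {
    uint256 public constant FEE_BPS = 30;   // 0.30% fee (assumed rate)
    uint256 public constant BPS = 10_000;   // basis-point denominator

    error FeeRoundsToZero(uint256 amount);

    /// Weak: divides first. amount / BPS truncates to 0 for every amount
    /// below 10_000 base units, and drops the remainder for larger ones.
    function feeDivideFirst(uint256 amount) public pure returns (uint256) {
        return (amount / BPS) * FEE_BPS;
    }

    /// Multiply first: keeps precision, but the final division still
    /// truncates to 0 when amount * FEE_BPS < BPS (amount <= 333 here).
    function feeMultiplyFirst(uint256 amount) public pure returns (uint256) {
        return (amount * FEE_BPS) / BPS;
    }

    /// Multiply first and round up (ceiling division), so any non-zero
    /// amount pays at least 1 base unit. Zero amount still pays zero.
    function feeRoundUp(uint256 amount) public pure returns (uint256) {
        return (amount * FEE_BPS + BPS - 1) / BPS;
    }

    /// Alternative: refuse amounts whose fee would truncate to zero.
    function feeOrRevert(uint256 amount) public pure returns (uint256 fee) {
        fee = (amount * FEE_BPS) / BPS;
        if (fee == 0 && amount != 0) revert FeeRoundsToZero(amount);
    }
}
```

With these constants, an amount of 9,999 gives a fee of 0 from `feeDivideFirst` and 29 from `feeMultiplyFirst`; an amount of 333 gives 0 from both, 1 from `feeRoundUp`, and a revert from `feeOrRevert`.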