🔹 What is the "Floating-Point & Precision Attack" in Smart Contracts?

This attack exploits how Solidity (Ethereum’s programming language) handles fractional values: it has no floating-point arithmetic and relies on integer division.

⚠️ Key Problem: Unlike traditional programming languages, Solidity does not support floating-point numbers (float or double). All numbers are integers by default, and any fractional part of a division result is truncated (not rounded).

This leads to precision loss, which attackers can exploit to:


🧩 Real Example: A Vulnerable Token Sale Contract

Let’s break down the example from the transcript.

✅ Contract Purpose:

A simple token sale where:

But here’s the vulnerable code:

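function buyTokens() public payable {
    // Vulnerable: the division runs first and truncates, so any part of
    // msg.value below a whole ether (1e18 wei) is dropped before the * 10.
    uint256 tokens = (msg.value / 1e18) * 10;
    // Send 'tokens' to user
}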

Or more generally:

tokens = (amountInETH / 1 ether) * tokensPerETH;
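
The divide-first formula above beside a multiply-first version, as an added example that is not code from the original page. The contract name, function names and the TOKENS_PER_ETH constant are hypothetical; the rate of 10 is taken from the page's snippet, and the amounts in check() are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: all names here are hypothetical, not from the page.
contract PrecisionDemo {
    uint256 public constant TOKENS_PER_ETH = 10; // rate used in the page's snippet

    // Same arithmetic as the page's buyTokens(): divide first, then multiply.
    // The division discards the remainder, so every fraction of an ether in
    // weiAmount earns nothing, while a payable function still keeps the full
    // msg.value.
    function tokensDivideFirst(uint256 weiAmount) public pure returns (uint256) {
        return (weiAmount / 1 ether) * TOKENS_PER_ETH;
    }

    // Multiply first, divide last: truncation happens once, on the final
    // result. Under Solidity 0.8 the multiplication reverts on overflow.
    function tokensMultiplyFirst(uint256 weiAmount) public pure returns (uint256) {
        return (weiAmount * TOKENS_PER_ETH) / 1 ether;
    }

    // Wei paid that no whole token is issued for, even when multiplying first.
    // A sale can refund this amount or reject payments where it is non-zero.
    function unpricedWei(uint256 weiAmount) public pure returns (uint256) {
        uint256 tokens = tokensMultiplyFirst(weiAmount);
        return weiAmount - (tokens * 1 ether) / TOKENS_PER_ETH;
    }

    // Self-check on constructed amounts; reverts if any expectation is wrong.
    function check() external pure {
        // 0.5 ether: divide-first issues nothing, multiply-first issues 5.
        assert(tokensDivideFirst(0.5 ether) == 0);
        assert(tokensMultiplyFirst(0.5 ether) == 5);
        // 1.9 ether: divide-first drops the 0.9 ether and issues 10, not 19.
        assert(tokensDivideFirst(1.9 ether) == 10);
        assert(tokensMultiplyFirst(1.9 ether) == 19);
        // 0.05 ether is below the price of one token (0.1 ether), so it is
        // entirely unpriced under either ordering.
        assert(tokensMultiplyFirst(0.05 ether) == 0);
        assert(unpricedWei(0.05 ether) == 0.05 ether);
        assert(unpricedWei(1.9 ether) == 0);
    }
}
```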