tronprotocol · hinzwilliam52-ship-it · Mar 25, 2026
diff --git a/FIX_PROPOSAL.md b/FIX_PROPOSAL.md
@@ -0,0 +1,28 @@
+To fix the precision loss vulnerability in the `DelegateResourceProcessor` class, you can modify the code to use integer math instead of floating point arithmetic. Here's the exact code fix:
+
+```java
+// Replace the vulnerable line 79 with the following code:
+long ratio = (repo.getTotalEnergyWeight() * TRX_PRECISION) / 
+             dynamicStore.getTotalEnergyCurrentLimit();
+long energyUsage = (ownerCapsule.getEnergyUsage() * ratio) / TRX_PRECISION;
+```
+
+This fix avoids the precision loss issue by performing the calculation using integers, ensuring that the `energyUsage` value is accurate and not truncated.
+
+**Commit Message:**
+```
+Fix precision loss vulnerability in DelegateResourceProcessor
+
+* Use integer math to calculate energy usage
+* Avoid floating point truncation
+```
+
+**Code Review:**
+
+* The fix should be reviewed to ensure that it correctly calculates the `energyUsage` value without precision loss.
+* The code should be tested thoroughly to verify that it works as expected and does not introduce any new issues.
+
+**Deployment:**
+
+* The fixed code should be deployed to the production environment as soon as possible to prevent further exploitation of the vulnerability.
+* The deployment should be monitored to ensure that it does not cause any issues or disruptions to the system.