The Floating Point Error

Written by legit | Published 2026/01/15
Tech Story Tags: fintech | fintech-ethics | floating-point-error | financial-software-bugs | software-rounding-errors | software-quality-assurance | engineering-ethics | fintech-fraud-risks

TLDRWhile reconciling year-end logs, I discovered a floating-point rounding error leaking fractions of a cent per transaction. When I ran a git blame to find the culprit, I discovered the code wasn't a rookie mistake, it was a deliberate backdoor added by the founder to skim revenue. Now I have to decide whether to fix the bug or take the hush moneyvia the TL;DR App

Disclaimer: The following is a work of fiction; any resemblance to real companies, systems, or individuals is purely coincidental.


The numbers wouldn't add up.


That’s where it always started. A flicker on the screen. A single cell in a spreadsheet of millions, glowing a defiant red. The reconciliation report was off. Again. The variance was small. Infinitesimal, really. 0.0037 cents per transaction. Dust.


My eyes burned from the monitor's glare. The coffee next to me was a cold, bitter sludge. The rest of the office was a ghost town, just the hum of the servers and the distant purr of the city twelve floors below. This was my world: the quiet, thankless intersection of finance and quality assurance. I was the guy they called when the dust didn't settle right.


For a week, I’d been chasing this ghost. This tiny, insignificant rounding error. At a high-growth fintech company like ours, processing thousands of transactions a minute, the dust became a dune. Small change became real money. My money. Your money.


It felt like a floating-point error. A classic rookie mistake. Some junior dev using a float for currency calculations instead of a fixed-point Decimal type, letting fractions of pennies evaporate into the digital ether through imprecise rounding logic. Annoying, but harmless. An easy fix.


I pulled the repository for the billing pipeline. The code told a story. I started scrolling through the history, the git commit messages a litany of bug fixes, feature launches, and frantic hotfixes. I was looking for the original sin. The first time the rounding logic was touched.

And then I saw it.


It was a commit from over a year ago. Authored by one of the founding engineers, someone who was long gone, cashed out, and sailing a yacht somewhere sunny. The commit message was simple: Refactor for performance.


The code itself was clean. Deceptively so. But there it was.

- from decimal import Decimal
-
- def calculate_fee(amount: Decimal) -> Decimal:
-     # Standard 0.2% processing fee
-     fee = amount * Decimal('0.002')
-     return fee.quantize(Decimal('0.0001'))
+
+ def calculate_fee(amount: float) -> float:
+     # Standard 0.2% processing fee
+     fee = amount * 0.002
+     return fee


A deliberate change from a precise decimal library to a standard floating-point variable. The pull request had one comment from our CTO, Mark. Looks good. Ship it.


This wasn't a mistake.


You don't refactor for performance by introducing less precision into your core billing system. You just don't. This was designed. The fractions weren’t evaporating. They were being funneled. A subtle, silent skim, hiding in plain sight as a rounding error.


The next morning, I walked into Mark’s office. It was all glass and minimalist furniture, a temple to frictionless commerce. He was all smiles and good cheer, a man who believed his own press releases.


"Good news?" he asked, leaning back in his chair. "You found the bug?"


"I found a variance in the rounding logic," I said, keeping my voice level. "It seems we're using floating-point variables where we should be using decimals. It's causing a small but consistent discrepancy in transaction settlements." I watched his face. The smile didn't drop. It just... tightened.


"Right," he said slowly. "The performance refactor. That was necessary for scale. The transaction volume was killing us."


"The variance," I repeated, "is accumulating. It's not a lot per user, but in aggregate..."


"It's within acceptable operational limits," he cut me off. The words were smooth, practiced. Corporate armor. "We can't just halt the pipeline for a legacy issue. We've got Q1 targets to hit. Drop it, Alex. We'll add it to the tech debt backlog." He turned back to his monitor. A dismissal.


I stood there for a moment, the hum of his server rack suddenly loud in the silence. He wasn’t asking me to ignore a bug. He was telling me to become an accomplice.


I walked back to my desk, the fluorescent lights of the open-plan office feeling harsh, interrogative. I sat down, the cold coffee still sitting there, accusingly. On one screen was the git commit. On the other, a blank file. I could write a quiet pull request to fix the "bug," submit it, and see who rejected it. I could write an anonymous email to the regulators. Or I could do nothing. I could take the generous bonus that was surely coming, keep my head down, and let the dust settle where it may.


My cursor blinked on the screen, a steady, rhythmic pulse in the gathering dark. Waiting for a command.



Written by legit | Cybersecurity analyst by day, open-source contributor by night. Passionate about making the digital world a safer place
Published by HackerNoon on 2026/01/15
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy