At line 185 of Payout, the deduction is calculated by excludeUsd / (curTotalUsdPool / totalSupply) instead of excludeUsd * totalSupply / curTotalUsdPool. However, the former one is consider less precise than the latter, and could cause a divide-by-zero error if curTotalUsdPool < totalSupply.
Handle
shw
Vulnerability details
Impact
At line 185 of
Payout
, thededuction
is calculated byexcludeUsd / (curTotalUsdPool / totalSupply)
instead ofexcludeUsd * totalSupply / curTotalUsdPool
. However, the former one is consider less precise than the latter, and could cause a divide-by-zero error ifcurTotalUsdPool < totalSupply
.Proof of Concept
Referenced code: Payout.sol#L185
Recommended Mitigation Steps
Change the calculation to
excludeUsd * totalSupply / curTotalUsdPool
.