At line 185 of Payout, the deduction is calculated by excludeUsd / (curTotalUsdPool / totalSupply) instead of excludeUsd * totalSupply / curTotalUsdPool. However, the former one is consider less precise than the latter, and could cause a divide-by-zero error if curTotalUsdPool < totalSupply.
Evert0x
commented
3 years ago
Handle
shw
Vulnerability details
Impact
At line 185 of
Payout, thedeductionis calculated byexcludeUsd / (curTotalUsdPool / totalSupply)instead ofexcludeUsd * totalSupply / curTotalUsdPool. However, the former one is consider less precise than the latter, and could cause a divide-by-zero error ifcurTotalUsdPool < totalSupply.Proof of Concept
Referenced code: Payout.sol#L185
Recommended Mitigation Steps
Change the calculation to
excludeUsd * totalSupply / curTotalUsdPool.