code-423n4 / 2021-09-defiprotocol-findings


`handleFees` reverts if supply is zero #264

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

0xsanson

Vulnerability details

Impact

In `Basket.sol`, `handleFees` computes the following: `uint256 newIbRatio = ibRatio * startSupply / totalSupply()`.

In the case that `totalSupply() = 0` (every holder burned their basket), the function reverts since there's a 0/0. This issue won't let new people mint, since `handleFees` is called before any minting.

Proof of Concept

https://github.com/code-423n4/2021-09-defiProtocol/blob/main/contracts/contracts/Basket.sol#L124

Tools Used

editor

Recommended Mitigation Steps

Consider adding a check before the division.

```solidity
if (startSupply == 0) {
    return;
}
```

GalloDaSballo commented 2 years ago

I agree with the finding

I think the warden may have missed a bigger issue (you seem to not be able to mint as mint calls handleFees)

Given the info received the finding is valid, and the severity is valid as well

Highly recommend the sponsor checks the revert for minting as well
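
The zero-supply revert and the guard discussed in this thread, as an added example that is not part of the thread or the project's `Basket.sol`. It is a reduced model: `BasketFeeModel`, `guarded`, `BASE`, `ONE_YEAR`, `licenseFee`, `lastFee`, `publisher` and the first-call initialisation are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

// Added illustration, not the project's Basket.sol: a reduced model of the fee
// accounting in the report. Names other than those quoted there are hypothetical.
contract BasketFeeModel {
    uint256 public constant BASE = 1e18;
    uint256 public constant ONE_YEAR = 365 days;
    uint256 public constant licenseFee = 1e16; // assumed: 1% per year
    bool public immutable guarded;             // true = apply the zero-supply check
    address public immutable publisher;
    uint256 public ibRatio = BASE;
    uint256 public lastFee;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    constructor(bool guarded_) { guarded = guarded_; publisher = msg.sender; }

    function mint(uint256 amount) external {
        handleFees(); // runs before minting, so a revert here blocks every mint
        _mint(msg.sender, amount);
    }

    function burn(uint256 amount) external {
        handleFees();
        balanceOf[msg.sender] -= amount;
        totalSupply -= amount;
    }

    function handleFees() internal {
        uint256 startSupply = totalSupply;
        if (lastFee == 0 || (guarded && startSupply == 0)) {
            // Assumed first-call initialisation, plus the guard. Unlike a bare
            // `return`, this resets lastFee so no fee accrues while supply is zero.
            lastFee = block.timestamp;
            return;
        }
        uint256 feePct = ((block.timestamp - lastFee) * licenseFee) / ONE_YEAR;
        _mint(publisher, (startSupply * feePct) / (BASE - feePct));
        lastFee = block.timestamp;
        // Unguarded with startSupply == 0: fee is 0, supply stays 0, 0 / 0 -> Panic(0x12).
        ibRatio = (ibRatio * startSupply) / totalSupply;
    }

    function _mint(address to, uint256 amount) internal {
        balanceOf[to] += amount;
        totalSupply += amount;
    }
}
```

Deployed with `guarded_ = false`, a `mint` followed by a `burn` of the full supply leaves every later `mint` reverting; with `guarded_ = true` the same sequence lets minting resume.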