Open code423n4 opened 2 years ago
I agree with the finding
I think the warden may have missed a bigger issue (you seem to not be able to mint as mint calls handleFees)
Given the info received the finding is valid, and the severity is valid as well
Highly recommend the sponsor checks the revert for minting as well
Handle
0xsanson
Vulnerability details
Impact
In Basket.sol,
handleFees
computes the following:uint256 newIbRatio = ibRatio * startSupply / totalSupply()
.In the case that
totalSupply() = 0
(every holder burned their basket), the function reverts since there's a 0/0. This issue won't let new people mint, sincehandleFees
is called before any minting.Proof of Concept
https://github.com/code-423n4/2021-09-defiProtocol/blob/main/contracts/contracts/Basket.sol#L124
Tools Used
editor
Recommended Mitigation Steps
Consider adding a check before the division.