search

code-423n4 / 2021-10-tempus-findings

0 stars 0 forks source link

Param `initInterestRate` in `TempusPool::constructor` should not be 0 #12

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

pmerkleplant

Vulnerability details

Impact

If initInterestRate in the TempusPool's constructor is given as 0, no funds can be withdrawn as getRedemptionAmounts() always panic errors with division by 0 (link).

Recommended Mitigation Steps

It should be stated in the constructor's specs that initInterestRate should not be 0.

mijovic commented 3 years ago

This is irregular state of the contract, so we will add require that checks if initial rate is not 0

mijovic commented 2 years ago

Fixed in https://github.com/tempus-finance/tempus-protocol/pull/364