code-423n4 / 2021-11-fei-findings


denial of service #150

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

danb

Vulnerability details

Impact

In the first call to requery, if the oracle returns newProtocolEquity = 0, it can never be changed and would lead to denial of service of the system.

Proof of Concept

In requery, init is checked to be false if newProtocolEquity = 0, and then set to true. So if it is already initialized and newProtocolEquity = 0, it wouldn't change anything.

Tools Used

manual review

elee1766 commented 2 years ago

Arguable reasoning but valid conclusion.

Oracle assumed to be functional for scope of audit. Will still fix though. Since oracle may be queried before votes, issue is not that great and one just needs to redeploy.

pauliax commented 2 years ago

The severity is low, as this is unlikely to happen in practice and even if that happens, the mitigation is not that hard.