code-423n4 / 2022-01-insure-findings


Inconsistent divide by 0 checks for `totalAttributions` #342

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

Dravee

Vulnerability details

Impact

A division by 0 could occur

Proof of Concept

While at some places, a check is made to make sure that totalAttributions > 0, it's not consistently the case, such as in the following places:

```
contracts\Vault.sol:304:        _retVal = (_attribution * valueAll()) / totalAttributions;
contracts\Vault.sol:407:            return (valueAll() * attributions[_target]) / totalAttributions;
contracts\Vault.sol:449:        return (valueAll() * MAGIC_SCALE_1E6) / totalAttributions;
```

At the following place, the check is indeed made:

```
contracts\Vault.sol:389:            return (_attribution * valueAll()) / totalAttributions;
```

Tools Used

VS Code

Recommended Mitigation Steps

If this check is at least made at some places, this means that totalAttributions can indeed take a value of 0. Therefore, a check should always be made to prevent the div by 0.
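An added example (not part of the original report, and not the project's Vault.sol) of routing the three divisions listed above through one guarded helper, so the check cannot be forgotten at a call site. The contract, the function names, `seed`, `burnAttribution`, the `NoAttributions` error, and the choice to return 0 from views while reverting on state-changing paths are all assumptions; Solidity 0.8.4 or later is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
// Hypothetical stand-in for the vault's accounting; not the project's Vault.sol.
contract AttributionMathExample {
    uint256 public constant MAGIC_SCALE_1E6 = 1e6;
    uint256 public totalAttributions;
    mapping(address => uint256) public attributions;
    uint256 private _value; // constructed stand-in for what valueAll() reports
    error NoAttributions();

    function valueAll() public view returns (uint256) { return _value; }

    // The only place the denominator is read. Unchecked, Solidity 0.8 reverts
    // with Panic(0x12) when totalAttributions == 0.
    function _perAttribution(uint256 _numerator, bool _strict) internal view returns (uint256) {
        uint256 _total = totalAttributions;
        if (_total == 0) {
            if (_strict) revert NoAttributions(); // state-changing callers
            return 0; // assumption: views report 0 for an empty vault
        }
        return _numerator / _total;
    }

    // Same expressions as the three unchecked lines in the report.
    function valueOfAttribution(uint256 _attribution) public view returns (uint256) {
        return _perAttribution(_attribution * valueAll(), false);
    }
    function valueOfTarget(address _target) external view returns (uint256) {
        return _perAttribution(valueAll() * attributions[_target], false);
    }
    function pricePerAttribution() external view returns (uint256) {
        return _perAttribution(valueAll() * MAGIC_SCALE_1E6, false);
    }

    // Hypothetical state-changing path: fail with a named error, not a panic.
    function burnAttribution(uint256 _attribution) external returns (uint256 _retVal) {
        _retVal = _perAttribution(_attribution * valueAll(), true);
        attributions[msg.sender] -= _attribution;
        totalAttributions -= _attribution;
    }

    // Constructed setter so the example can be exercised in a test.
    function seed(address _who, uint256 _attr, uint256 _val) external {
        attributions[_who] += _attr;
        totalAttributions += _attr;
        _value = _val;
    }
}
```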

oishun1112 commented 2 years ago

similar issue https://github.com/code-423n4/2022-01-insure-findings/issues/287