search

code-423n4 / 2022-01-insure-findings

2 stars 0 forks source link

Missing divide by 0 checks for `_liquidity` (` == totalLiquidity()`) #357

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

Dravee

Vulnerability details

Impact

A division by 0 could occur

Proof of Concept

While at some place, a check is made to make sure that totalLiquidity() > 0, it's not consistently the case, such as here: https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L522-L523

At the following place, the check is indeed made:

File: IndexTemplate.sol
491:     function leverage() public view returns (uint256 _rate) {
492:         //check current leverage rate
493:         if (totalLiquidity() > 0) {
494:             return (totalAllocatedCredit * MAGIC_SCALE_1E6) / totalLiquidity();
495:         } else {
496:             return 0;
497:         }
498:     }

Tools Used

VS Code

Recommended Mitigation Steps

If this check is at least made at some places, this means that this variable can indeed take a value of 0. Therefore, a check should always be made to prevent the div by 0

This report follows a finding called "Inconsistent divide by 0 checks for totalLiquidity()", as here, I found another place with the div by 0 risk

oishun1112 commented 2 years ago

similar issue https://github.com/code-423n4/2022-01-insure-findings/issues/287

oishun1112 commented 2 years ago

Regarding the part mentioned In this issue, it looks like when _total_credit is not 0, _liquidity also can not be 0 since it includes _total_credit. There is divide by 0 check for _total_credit, so I don't think a check for _liquidity is required.