calculateDeviationThresholdBasisPoints() was important enough to be in a separate library rather than being just a normal function of another contract so it should be generic enough for other contracts to use it. If the input argument a is zero then the function performs a division by zero and will throw an exception. If this behavior is what is wanted, the NatSpec should make this explicit and a revert() should be added with an appropriate error message.
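```solidity
/// @notice return the percent deviation between a and b in basis points terms
function calculateDeviationThresholdBasisPoints(int256 a, int256 b)
    internal
    pure
    returns (uint256)
{
    int256 delta = a - b;
    // `a` is the divisor: a == 0 makes this division fail with no descriptive error
    int256 basisPoints = (delta * Constants.BP_INT) / a;
    // ... the rest of the function is not included in the report's excerpt
}
```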
I'm upgrading the following issue from a QA report (issue https://github.com/code-423n4/2022-03-volt-findings/issues/48) to Medium risk:

Division by zero

calculateDeviationThresholdBasisPoints() was important enough to be in a separate library rather than being just a normal function of another contract so it should be generic enough for other contracts to use it. If the input argument a is zero then the function performs a division by zero and will throw an exception. If this behavior is what is wanted, the NatSpec should make this explicit and a revert() should be added with an appropriate error message.
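One way to apply the recommendation from the report, shown as an added example rather than the project's own code: the zero case is documented in the NatSpec and rejected with a named error before the division. The library name `DeviationExample`, the error `ZeroReferenceValue`, the harness contract, the value `10_000` for `BP_INT` and the absolute-value return are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added example, not the audited project's code.
library DeviationExample {
    /// Assumed stand-in for Constants.BP_INT (10,000 basis points = 100%).
    int256 internal constant BP_INT = 10_000;

    /// Hypothetical error name: thrown when the reference value `a` is zero.
    error ZeroReferenceValue();

    /// @notice return the percent deviation between a and b in basis points terms
    /// @dev `a` is the reference value and the divisor. The deviation is undefined
    ///      for a == 0, so the call reverts with ZeroReferenceValue() instead of
    ///      surfacing an unlabelled division-by-zero failure to the caller.
    /// @param a reference value, must be non-zero
    /// @param b value compared against `a`
    /// @return absolute deviation of b from a, in basis points
    function calculateDeviationThresholdBasisPoints(int256 a, int256 b)
        internal
        pure
        returns (uint256)
    {
        if (a == 0) revert ZeroReferenceValue();

        // Checked arithmetic (Solidity >= 0.8) reverts if either step overflows.
        int256 delta = a - b;
        int256 basisPoints = (delta * BP_INT) / a;

        // Assumed behaviour: report the magnitude of the deviation.
        return uint256(basisPoints < 0 ? -basisPoints : basisPoints);
    }
}

/// Hypothetical harness exposing the internal library function for unit tests.
contract DeviationHarness {
    function deviation(int256 a, int256 b) external pure returns (uint256) {
        // deviation(100, 90) == 1000; deviation(0, 90) reverts ZeroReferenceValue()
        return DeviationExample.calculateDeviationThresholdBasisPoints(a, b);
    }
}
```

Callers that can legitimately pass a zero reference value need to handle this revert or check the input themselves, since the deviation has no defined value in that case.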