code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-phuture/tree/main/contracts/libraries/NAV.sol#L97

Vulnerability details

Division by 0 can lead to accidentally revert, (An example of a similar issue - https://github.com/code-423n4/2021-10-defiprotocol-findings/issues/84)

https://github.com/code-423n4/2022-04-phuture/tree/main/contracts/libraries/NAV.sol#L97 last balance can be 0!!

Those are also issues but less severe (for example time elapsed can be 0 in special cases).

    https://github.com/code-423n4/2022-04-phuture/tree/main/contracts/UniswapV2PriceOracle.sol#L54 timeElapsed might be 0
    https://github.com/code-423n4/2022-04-phuture/tree/main/contracts/TrackedIndex.sol#L37 _totalCapitalization might be 0
    https://github.com/code-423n4/2022-04-phuture/tree/main/contracts/UniswapV2PriceOracle.sol#L55 timeElapsed might be 0

jn-lp commented 2 years ago

vToken's lastBalance will never eq 0

moose-code commented 2 years ago

"vToken's lastBalance will never eq 0" No explanation given here as why this is the case but beleive its 0xdead holding tokens. Note the orderer could burn the tokens from 0xdead in a very unlikely case. This is not medium in this context.

code-423n4 / 2022-04-phuture-findings

Div by 0 #42

Lines of code

Vulnerability details