Summary

We list 2 low-critical findings:

(Low) mint() and mintableShares() don't check whether self.lastBalance is zero in NAV.sol
(Low) (Low) floating pragma

In summary of recommended security practices, it's better to take care of division by zero problem and lock pragma version.

(Low) `mint()` and `mintableShares()` don't check whether self.lastBalance is zero in `NAV.sol`

Impact

In Nav.sol, mint() and mintableShares() could have division by zero problem when self.lastBalance is zero.

Proof of Concept

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/libraries/NAV.sol#L44

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/libraries/NAV.sol#L97

Tools Used

vim

Recommended Mitigation Steps

Add a check for self.lastBalance

(Low) floating pragma

Impact

Floating pragma may cause unexpected compilation time behaviour and introduce unintended bugs.

Proof of Concept

All the contracts have floating pragma problems.

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhutureIndex.sol#L3

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/BaseIndex.sol#L3

Tools Used

vim

Recommended Mitigation Steps

Don't use >=, lock pragma to ensure compiler version. e.g. pragma solidity 0.8.7;

code-423n4 / 2022-04-phuture-findings

QA Report #68

Summary

(Low) `mint()` and `mintableShares()` don't check whether self.lastBalance is zero in `NAV.sol`

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

(Low) floating pragma

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

code-423n4 / 2022-04-phuture-findings

QA Report #68

Summary

(Low) mint() and mintableShares() don't check whether self.lastBalance is zero in NAV.sol

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

(Low) floating pragma

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

(Low) `mint()` and `mintableShares()` don't check whether self.lastBalance is zero in `NAV.sol`