search

code-423n4 / 2022-06-infinity-findings

4 stars 0 forks source link

No Epoch Advancement due to possible divide-by-zero #204

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/token/InfinityToken.sol#L65 https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/token/InfinityToken.sol#L47

Vulnerability details

Impact

A missing zero value check during contract deployment can lead to advanceEpoch() reverting due to a divide-by-zero issue. There will be an error issue when calculating epochsPassedSinceLastAdvance since getEpochDuration() = 0 , making it not possible to advance epochs.

Tools Used

Manual review

Recommended Mitigation Steps

Add a require() check for zero value in the constructor.

HardlyDifficult commented 2 years ago

Since this is a constructor param, user input validation is not necessarily required. Lowering risk and merging with the warden's QA report https://github.com/code-423n4/2022-06-infinity-findings/issues/216