require(totalStaked >= 0, 'nothing staked to rage quit');
totalStaked is a uint256, so the require check always passes, even when totalStaked is 0.
getRageQuitAmounts is used by the rageQuit function. Therefore, users can call rageQuit when totalStaked is 0, which is not expected.
Tools Used
static code analysis
Recommended Mitigation Steps
Fix the condition used in the require check. If totalStaked should not be zero, it can simply be written like this:
require(totalStaked != 0, 'nothing staked to rage quit');
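The always-true comparison described above can be caught mechanically during review. The following Python check is an added example, not part of the original report or the Infinity code base; the Solidity text in SAMPLE is constructed, and matching is by variable name within one source string (scoping is ignored, which is an assumption of this example).

```python
import re

# Constructed Solidity snippet modelled on the check quoted in the report;
# the contract name and surrounding lines are assumptions, not InfinityStaker.sol.
SAMPLE = '''
contract StakerExample {
    uint256 totalStaked;
    int256 delta;
    function check() external view {
        require(totalStaked >= 0, 'nothing staked to rage quit');
        require(delta >= 0, 'negative delta');
        require(totalStaked != 0, 'nothing staked to rage quit');
    }
}
'''

# Names declared with an unsigned type (state variables, locals, parameters).
UINT_DECL = re.compile(
    r'\buint(?:\d+)?\s+'
    r'(?:(?:public|private|internal|memory|storage|calldata|constant|immutable)\s+)*'
    r'(\w+)\s*[;=,)]')
# `x >= 0` or `0 <= x`: always true when x is unsigned.
ALWAYS_TRUE = re.compile(r'\b(\w+)\s*>=\s*0\b|\b0\s*<=\s*(\w+)\b')


def find_unsigned_tautologies(source):
    """Return (line_no, name) for each always-true comparison on a uint variable."""
    # Drop `//` comments; only the tail of a line is removed, so line numbers hold.
    code = re.sub(r'//[^\n]*', '', source)
    unsigned = set(UINT_DECL.findall(code))
    findings = []
    for line_no, line in enumerate(code.splitlines(), start=1):
        for match in ALWAYS_TRUE.finditer(line):
            name = match.group(1) or match.group(2)
            if name in unsigned:  # signed variables are legitimate here
                findings.append((line_no, name))
    return findings


if __name__ == "__main__":
    for line_no, name in find_unsigned_tautologies(SAMPLE):
        print(f"line {line_no}: comparison of unsigned '{name}' with 0 is always true")
```

The signed comparison and the corrected `!= 0` check in SAMPLE are not reported; only the `>= 0` test on the unsigned variable is.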
Lines of code
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L193
Vulnerability details
Impact
Users can call rageQuit when there is nothing staked.
Proof of Concept
This part checks if totalStaked is greater than or equal to 0.
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L193
totalStaked is a uint256, so the require check always passes, even when totalStaked is 0.
getRageQuitAmounts is used by the rageQuit function. Therefore, users can call rageQuit when totalStaked is 0, which is not expected.
Tools Used
static code analysis
Recommended Mitigation Steps
Fix the condition used in the require check. If totalStaked should not be zero, it can simply be written like this: