Open code423n4 opened 2 years ago
It is unclear how the function / availability of the protocol is at risk here as a sample with window 0 is a no-op (no observations are being sampled).
downgrading to QA, wardens fails to show the impact of the issue.
Lines of code
https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-core.sol#L271-L289 https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-core.sol#L261
Vulnerability details
Impact
In BaseV1Pair contract, when calling sampleSupply(), a zero value for window argument , it will always return empty fixed sized array.
When window argument is 0, the for loop will be bypassed and sampleSupply() will return _totalSupply which is an empty array of n-points number of empty arrays.
Proof of Concept
https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-core.sol#L271-L289
Tools Used
Manual review
Recommended Mitigation Steps
A require check for zero value may be necessary to resolve this.