Open code423n4 opened 1 year ago
0xScotch marked the issue as sponsor confirmed
Downgrading to low as this would be an additional safety check on an admin setter.
Picodes changed the severity to QA (Quality Assurance)
Picodes marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2023-02-malt/blob/main/contracts/DataFeed/MaltDataLab.sol#L448-L460
https://github.com/code-423n4/2023-02-malt/blob/main/contracts/DataFeed/MaltDataLab.sol#L602-L612
Vulnerability details
Impact
MaltDataLab.getActualPriceTarget() reverts when breakpointBps = 10000.
Proof of Concept
In setBreakpointBps(), it's possible breakpointBps = 10000.
And in getActualPriceTarget, it calculates m like the below.
As we can see from the comments, purchaseParityInt = breakpointInt when breakpointBps = 10000 and the ABDKMath64x64 library reverts on zero division here.
Tools Used
Manual Review
Recommended Mitigation Steps
Recommend setting breakpointBps < 10000 always in setBreakpointBps() function.
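
The boundary case from the report, as an added example that is not part of the original issue or the Malt code base: a Python model that sweeps every value a setter accepts and lists those for which the slope calculation reverts. It assumes breakpointInt = breakpointBps / 10000, purchaseParityInt = 1.0 in 64.64 fixed point and a slope denominator of purchaseParityInt - breakpointInt; all function names, the setters' lower bound of 0 and the `rise` numerator are hypothetical.

```python
# Added model of the reported boundary case; not code from the Malt repository.
# Assumptions: breakpointInt = breakpointBps / 10000, purchaseParityInt = 1.0 (64.64
# fixed point), m divides by purchaseParityInt - breakpointInt. Names are hypothetical.
ONE = 1 << 64                      # 1.0 in signed 64.64 fixed point
BPS_MAX = 10000
MIN_64x64, MAX_64x64 = -(1 << 127), (1 << 127) - 1

class Revert(Exception):
    """Stands in for an EVM revert."""

def fp_div(x: int, y: int) -> int:
    """64.64 division: reverts on a zero divisor or an out-of-range result."""
    if y == 0:
        raise Revert("division by zero")
    q = abs(x << 64) // abs(y)     # truncate toward zero, like Solidity
    q = -q if (x < 0) != (y < 0) else q
    if not MIN_64x64 <= q <= MAX_64x64:
        raise Revert("overflow")
    return q

def set_breakpoint_permissive(bps: int) -> int:   # bound as reported: 10000 accepted
    if not 0 <= bps <= BPS_MAX:
        raise Revert("out of range")
    return bps

def set_breakpoint_strict(bps: int) -> int:       # mitigation: breakpointBps < 10000
    if not 0 <= bps < BPS_MAX:
        raise Revert("out of range")
    return bps

def slope(bps: int, rise: int) -> int:
    breakpoint_int = fp_div(bps * ONE, BPS_MAX * ONE)
    return fp_div(rise, ONE - breakpoint_int)     # purchaseParityInt - breakpointInt

def reverting_values(setter, rise: int = ONE // 100) -> list:
    """Values the setter accepts for which the slope calculation reverts."""
    bad = []
    for bps in range(BPS_MAX + 1):
        try:
            accepted = setter(bps)
        except Revert:
            continue               # rejected at the setter, never reaches the getter
        try:
            slope(accepted, rise)
        except Revert:
            bad.append(accepted)
    return bad
```

With the inclusive bound the sweep returns only 10000; with the strict bound it returns nothing, so the revert is unreachable through the setter.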