Lines of code
https://github.com/code-423n4/2023-04-caviar/blob/463473a74640f2bf5907c0376959f1215e861fbc/src/PrivatePool.sol#L740-L746
Vulnerability details
Impact
Currently virtualNftReserves can be set to zero when initializing a new private pool, and its default value is also zero. This can have unintended consequences when the price() function is called for various pool calculations...
Proof of Concept
Tools Used
VSC
Recommended Mitigation Steps
Add a simple check at new pool creation, and also a check in price(), to ensure virtualNftReserves != 0.
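A sketch of the two recommended checks, added here as an illustration and not taken from the Caviar code base. The contract name, the custom errors, the `initialized` flag and the simplified price formula (base reserves divided by virtualNftReserves, scaled to 18 decimals) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical, simplified stand-in for a pool with virtual reserves.
contract VirtualReservePoolSketch {
    error ZeroVirtualNftReserves();
    error AlreadyInitialized();

    uint128 public virtualBaseTokenReserves;
    uint128 public virtualNftReserves; // storage default is 0
    bool public initialized;

    function initialize(uint128 baseReserves, uint128 nftReserves) external {
        if (initialized) revert AlreadyInitialized();
        // Check at pool creation: refuse a pool that could never be priced.
        if (nftReserves == 0) revert ZeroVirtualNftReserves();
        virtualBaseTokenReserves = baseReserves;
        virtualNftReserves = nftReserves;
        initialized = true;
    }

    // Assumed formula: base tokens per NFT, scaled to 18 decimals.
    function price() public view returns (uint256) {
        // Check at use: covers a pool that was never initialized, or any
        // later code path that writes 0. Without this guard, Solidity 0.8+
        // reverts with Panic(0x12) on the division, which gives callers
        // no indication of the cause.
        if (virtualNftReserves == 0) revert ZeroVirtualNftReserves();
        return (uint256(virtualBaseTokenReserves) * 1e18) / virtualNftReserves;
    }
}
```

If the pool exposes a setter for virtualNftReserves, the same zero check belongs there as well so the invariant holds after creation.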