search

code-423n4 / 2023-04-caviar-findings

9 stars 4 forks source link

no check in place to ensure variable virtualNftReserves != 0 #962

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-caviar/blob/463473a74640f2bf5907c0376959f1215e861fbc/src/PrivatePool.sol#L740-L746

Vulnerability details

Impact

Currently virtualNftReserves can be set to zero when initializing a new private pool, as well as the fact it's default value is zero. This can have unintended consequences when the price() function is called for various pool calculations...

Proof of Concept

Tools Used

VSC

Recommended Mitigation Steps

Simple check at new pool creation as well as at price() also a check to ensure virtualNftReserves != 0

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as low quality report

c4-judge commented 1 year ago

GalloDaSballo changed the severity to QA (Quality Assurance)

GalloDaSballo commented 1 year ago

L

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-c