Potential Division by Zero in utilizationRate method

[code423n4]

Lines of code

https://github.com/code-423n4/2023-05-venus/blob/main/contracts/WhitePaperInterestRateModel.sol#L86-L94

Vulnerability details

Impact

In the case where cash + borrows - reserves equals 0, the function would try to divide by zero which will result in a runtime error.

Proof of Concept

An attacker might manipulate the state of the contract to where cash + borrows - reserves equals zero. Location of the security issue with code snippet: In the utilizationRate function:

return (borrows * BASE) / (cash + borrows - reserves);

Tools Used

Hardhat

Recommended Mitigation Steps

Add a check to prevent division by zero:

uint256 denominator = cash + borrows - reserves;
if (denominator == 0) {
    return 0;
}
return (borrows * BASE) / denominator;

Assessed type

Math

[c4-judge]

0xean marked the issue as unsatisfactory: Insufficient quality