startTime and endTime could be same while updating funding rate.
Lines of code
https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/perp-vault/PerpetualAtlanticVault.sol#L594-L614
Vulnerability details
Impact
startTime and endTime could be same while updating funding rate.
Proof of Concept
_updateFundingRate updates the pointer to the latest funding payment timestamp, i.e. latestFundingPaymentPointer.
The problem with _updateFundingRate is in the if statement: when latestFundingPaymentPointer is zero, it sets
fundingRates[latestFundingPaymentPointer] = (amount * 1e18) / (endTime - startTime);
without checking whether startTime and endTime are the same. Updating the funding rate when latestFundingPaymentPointer is zero sets the fundingRates mapping to infinity, which should not be the case.
Tools Used
Manual
Recommended Mitigation Steps
Check that startTime and endTime are not the same, as is done in the else statement:
if (endTime == startTime) return;
https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/perp-vault/PerpetualAtlanticVault.sol#L609-L609
Assessed type
Other
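
The recommended check, written out as a self-contained contract next to the unguarded assignment quoted in the report. This is an added example, not the Dopex code: the contract, function and event names are hypothetical, startTime and endTime are passed in as parameters instead of being derived from contract state, and Solidity 0.8 or later is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19; // assumption: 0.8+ checked arithmetic

// Added illustration, not the PerpetualAtlanticVault source. Only fundingRates,
// latestFundingPaymentPointer, startTime, endTime and amount come from the report;
// the contract, function and event names are hypothetical.
contract FundingRateGuardExample {
    mapping(uint256 => uint256) public fundingRates;
    uint256 public latestFundingPaymentPointer;

    event FundingRateSkipped(uint256 pointer, uint256 amount);

    // First-branch assignment as quoted in the report, with no interval check.
    // Under Solidity 0.8+, endTime == startTime reverts with Panic(0x12)
    // (division by zero) and endTime < startTime reverts with Panic(0x11).
    function updateUnguarded(uint256 amount, uint256 startTime, uint256 endTime) external {
        fundingRates[latestFundingPaymentPointer] =
            (amount * 1e18) / (endTime - startTime);
    }

    // Same assignment behind the check the report recommends.
    // Returns false when the interval is empty and nothing was written.
    function updateGuarded(uint256 amount, uint256 startTime, uint256 endTime)
        external
        returns (bool updated)
    {
        if (endTime == startTime) {
            // Surface the skipped amount so it can be reconciled off-chain.
            emit FundingRateSkipped(latestFundingPaymentPointer, amount);
            return false;
        }
        fundingRates[latestFundingPaymentPointer] =
            (amount * 1e18) / (endTime - startTime);
        return true;
    }
}
```

The guarded path skips the write when the interval is empty, so a caller that relies on amount being reflected in fundingRates needs to handle the false return.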