code-423n4 / 2023-11-shellprotocol-findings


Division by Zero and Precision Loss in computeOutputAmount Function #298

Closed c4-bot-4 closed 8 months ago

c4-bot-4 commented 8 months ago

Lines of code

https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/adapters/OceanAdapter.sol#L55

Vulnerability details

Impact

The vulnerability can cause a runtime exception due to division by zero, leading to contract execution reverting. Additionally, precision loss may occur in calculations due to truncation of remainders,

Proof of Concept

When unwrapFeeDivisor() unexpectedly returns zero, the division operation 'inputAmount / unwrapFeeDivisor()' in the computeOutputAmount function triggers a division by zero error. This can be demonstrated by setting the unwrapFeeDivisor() function in the OceanInteractions contract to return zero.

Tools Used

Recommended Mitigation Steps

function computeOutputAmount(
    uint256 inputToken,
    uint256 outputToken,
    uint256 inputAmount,
    address ocean,
    bytes32 metadata
) external returns (uint256 outputAmount) {
    uint256 unwrapFee = 0;
    uint256 divisor = IOceanInteractions(ocean).unwrapFeeDivisor();

    if (divisor != 0) {
        unwrapFee = inputAmount / divisor;
    } else {
        // Handle the scenario where divisor is zero
        // This could involve reverting, emitting an error, or alternative handling.
    }

    // Rest of the function...
}
// Other functions and contract logic...

Assessed type

Other
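The two behaviours the report describes, as an added Foundry test that is not part of the original submission or the Shell Protocol code base. It assumes a Foundry project with forge-std installed; `MockOcean`, `FeeCalc`, `ZeroFeeDivisor` and the divisor value 2000 are hypothetical names and sample values chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test, stdError} from "forge-std/Test.sol";

// Hypothetical stand-in for the Ocean: exposes only the getter the report names.
contract MockOcean {
    uint256 public unwrapFeeDivisor;
    function setDivisor(uint256 d) external { unwrapFeeDivisor = d; }
}

// Hypothetical helper: the report's expression, raw and with a zero guard.
contract FeeCalc {
    error ZeroFeeDivisor();

    function rawFee(MockOcean ocean, uint256 amount) external view returns (uint256) {
        return amount / ocean.unwrapFeeDivisor(); // Solidity >=0.8: Panic(0x12) if zero
    }

    function guardedFee(MockOcean ocean, uint256 amount) external view returns (uint256) {
        uint256 divisor = ocean.unwrapFeeDivisor();
        if (divisor == 0) revert ZeroFeeDivisor();
        return amount / divisor; // integer division truncates toward zero
    }
}

contract FeeCalcTest is Test {
    MockOcean ocean = new MockOcean();
    FeeCalc calc = new FeeCalc();

    function test_zeroDivisorPanics() public {
        ocean.setDivisor(0);
        vm.expectRevert(stdError.divisionError); // Panic(uint256) with code 0x12
        calc.rawFee(ocean, 1 ether);
    }

    function test_guardGivesNamedError() public {
        ocean.setDivisor(0);
        vm.expectRevert(FeeCalc.ZeroFeeDivisor.selector);
        calc.guardedFee(ocean, 1 ether);
    }

    function test_feeTruncates() public {
        ocean.setDivisor(2000); // constructed sample value
        assertEq(calc.guardedFee(ocean, 1999), 0); // below the divisor: fee rounds to 0
        assertEq(calc.guardedFee(ocean, 3999), 1); // remainder 1999 is discarded
    }
}
```

Both zero-divisor paths revert; the guard only replaces the generic panic with a named error that callers and monitoring can match on.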

c4-pre-sort commented 8 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 8 months ago

raymondfam marked the issue as duplicate of #27

c4-judge commented 8 months ago

0xA5DF marked the issue as unsatisfactory: Invalid