function assetPrice()
public
view
override
returns (uint) {
uint tvl;
address[] memory vaults = kerosineManager.getVaults();
uint numberOfVaults = vaults.length;
for (uint i = 0; i < numberOfVaults; i++) {
Vault vault = Vault(vaults[i]);
tvl += vault.asset().balanceOf(address(vault))
vault.assetPrice() 1e18
/ (10vault.asset().decimals())
/ (10vault.oracle().decimals());
}
@> uint numerator = tvl - dyad.totalSupply(); // @audit revert if TVL resolves to 0
uint denominator = kerosineDenominator.denominator();
return numerator 1e8 / denominator;
}
Return 0 or implement a case where if the TVL is 0, return no price:
function assetPrice()
public
view
override
returns (uint) {
uint tvl;
address[] memory vaults = kerosineManager.getVaults();
uint numberOfVaults = vaults.length;
for (uint i = 0; i < numberOfVaults; i++) {
Vault vault = Vault(vaults[i]);
tvl += vault.asset().balanceOf(address(vault))
Judge has assessed an item in Issue #1018 as 2 risk. The relevant finding follows:
[L-1] assetPrice() queries from Kerosene price to determine price will fail when TVL is 0 In the case TVL is 0, the function will revert as it attempts a subtraction from 0 operation which runs into an underflow. https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/Vault.kerosine.unbounded.sol#L65
function assetPrice() public view override returns (uint) { uint tvl; address[] memory vaults = kerosineManager.getVaults(); uint numberOfVaults = vaults.length; for (uint i = 0; i < numberOfVaults; i++) { Vault vault = Vault(vaults[i]); tvl += vault.asset().balanceOf(address(vault))
function assetPrice() public view override returns (uint) { uint tvl; address[] memory vaults = kerosineManager.getVaults(); uint numberOfVaults = vaults.length; for (uint i = 0; i < numberOfVaults; i++) { Vault vault = Vault(vaults[i]); tvl += vault.asset().balanceOf(address(vault))