Upgraded Q -> 2 from #1018 [1714929888280]

[c4-judge]

Judge has assessed an item in Issue #1018 as 2 risk. The relevant finding follows:

[L-1] assetPrice() queries from Kerosene price to determine price will fail when TVL is 0 In the case TVL is 0, the function will revert as it attempts a subtraction from 0 operation which runs into an underflow. https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/Vault.kerosine.unbounded.sol#L65

function assetPrice() public view override returns (uint) { uint tvl; address[] memory vaults = kerosineManager.getVaults(); uint numberOfVaults = vaults.length; for (uint i = 0; i < numberOfVaults; i++) { Vault vault = Vault(vaults[i]); tvl += vault.asset().balanceOf(address(vault))

• vault.assetPrice() 1e18 / (10vault.asset().decimals()) / (10vault.oracle().decimals()); } @> uint numerator = tvl - dyad.totalSupply(); // @audit revert if TVL resolves to 0 uint denominator = kerosineDenominator.denominator(); return numerator 1e8 / denominator; } Return 0 or implement a case where if the TVL is 0, return no price:

function assetPrice() public view override returns (uint) { uint tvl; address[] memory vaults = kerosineManager.getVaults(); uint numberOfVaults = vaults.length; for (uint i = 0; i < numberOfVaults; i++) { Vault vault = Vault(vaults[i]); tvl += vault.asset().balanceOf(address(vault))

• vault.assetPrice() * 1e18 / (10vault.asset().decimals()) / (10vault.oracle().decimals()); }
  • if (tvl == 0) { return 0;} uint numerator = tvl - dyad.totalSupply(); uint denominator = kerosineDenominator.denominator(); return numerator * 1e8 / denominator; }

[c4-judge]

koolexcrypto marked the issue as duplicate of #308

[c4-judge]

koolexcrypto marked the issue as satisfactory

[c4-judge]

koolexcrypto changed the severity to 3 (High Risk)