The vulnerability can cause the distribute function to revert if totalShares is zero. This can halt the distribution process, leading to a denial of service for revenue distribution. It can prevent the contract from functioning as intended, affecting all stakeholders relying on the distribution mechanism.
if (totalShares != 0) tokensPerShare = amount / totalShares;
Proof of Concept
Setup:
Deploy the DistributorP1 contract.
Ensure no distributions are set or all distributions have zero values.
Trigger the Bug:
Call the distribute function with any amount of rsr or rToken.
Lines of code
https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/Distributor.sol#L120-L200
Vulnerability details
Impact
The vulnerability can cause the distribute function to revert if totalShares is zero. This can halt the distribution process, leading to a denial of service for revenue distribution. It can prevent the contract from functioning as intended, affecting all stakeholders relying on the distribution mechanism.
if (totalShares != 0) tokensPerShare = amount / totalShares;
Proof of Concept
Setup:
Deploy the DistributorP1 contract.
Ensure no distributions are set or all distributions have zero values.
Trigger the Bug:
Call the distribute function with any amount of rsr or rToken.

// Initialize the contract with zero distributions
distributor.init(main, RevenueShare(0, 0));
// Attempt to distribute tokens
distributor.distribute(rsr, 1000); // This will revert due to zero totalShares
function distribute(IERC20 erc20, uint256 amount) external {
    // Intentionally do not check notTradingPausedOrFrozen, since handled by caller
}
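
The zero-share case described above, as an added example that is not part of the original report or of Reserve's code: a hypothetical ShareMathDemo contract isolates the per-share division and puts the unguarded form next to the guarded line quoted in the report, so the two behaviours at totalShares == 0 can be compared in a unit test. All contract and function names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical demo contract (not Reserve's Distributor): isolates the
/// per-share division that the quoted line guards.
contract ShareMathDemo {
    /// Unguarded form: in Solidity >=0.8 a zero divisor raises Panic(0x12)
    /// and reverts the whole call.
    function perShareUnguarded(uint256 amount, uint256 totalShares)
        external
        pure
        returns (uint256)
    {
        return amount / totalShares;
    }

    /// Guarded form, same shape as the line quoted in the report:
    /// tokensPerShare keeps its default of 0 when there are no shares.
    function perShareGuarded(uint256 amount, uint256 totalShares)
        public
        pure
        returns (uint256 tokensPerShare)
    {
        if (totalShares != 0) tokensPerShare = amount / totalShares;
    }

    /// Runs both forms on the same input and reports the outcome of each,
    /// so a test can assert on them without its own transaction failing.
    function probe(uint256 amount, uint256 totalShares)
        external
        view
        returns (bool unguardedReverted, uint256 panicCode, uint256 guarded)
    {
        guarded = perShareGuarded(amount, totalShares);
        // try/catch only works on external calls, hence `this.`
        try this.perShareUnguarded(amount, totalShares) returns (uint256) {
            unguardedReverted = false;
        } catch Panic(uint256 errorCode) {
            unguardedReverted = true;
            panicCode = errorCode; // 0x12 = division or modulo by zero
        }
    }
}
```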