hats-finance / Convergence---Convex-integration-0xb3df23e155b74ad2b93777f58980d6727e8b40bb


Possible underflow #77

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: @Jelev123

Twitter username: zhulien_zhelev

Submission hash (on-chain): 0x66b1c9c2698b4ed41a28b4d0659a0a067ff65382c218c541beaf284a260af662

Severity: medium

Description: Possible underflow in function pullRewards

  1. Proof of Concept (PoC) File

In the pullRewards function it gets the balance:

`uint256 balance = token.balanceOf(address(this));`

and after that it makes a calculation with this balance. https://github.com/hats-finance/Convergence---Convex-integration-0xb3df23e155b74ad2b93777f58980d6727e8b40bb/blob/246e3ac71f3f2e4ab7eded0f347ad8d070410262/contracts/Staking/Convex/cvxAsset/CvxAssetStakerBuffer.sol#L163-L167

```solidity
uint256 processorFees = (balance * rewardConfig.processorFees) / DENOMINATOR;
uint256 podFees = (balance * rewardConfig.podFees) / DENOMINATOR;
uint256 amountToStakers = balance - podFees - processorFees;
```

If `uint256 balance = token.balanceOf(address(this));` is 0, it will lead to underflow.

Recommendation

After the balance is obtained, check it for zero: `balance != 0`

PlamenTSV commented 4 months ago

If the balance is 0, the fees will be calculated as 0, as they are derived from the balance via multiplication.

Jelev123 commented 4 months ago

Got it, thanks
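The arithmetic from PlamenTSV's reply above, as an added example that is not part of the original thread or the project's code: a Python model of the three quoted lines under Solidity 0.8-style checked arithmetic. `DENOMINATOR = 100_000`, the fee rates and all helper names are assumptions; the page does not show the real values or how `rewardConfig` is validated.

```python
# Added example: models the fee split quoted from pullRewards.
# Assumed (not from the page): DENOMINATOR, the fee rates, and that the
# contract compiles with checked arithmetic (Solidity >= 0.8).
UINT256_MAX = 2**256 - 1
DENOMINATOR = 100_000  # assumed value


class Revert(Exception):
    """Stands in for a Solidity arithmetic panic."""


def checked_mul(a: int, b: int) -> int:
    if a * b > UINT256_MAX:
        raise Revert("overflow")
    return a * b


def checked_sub(a: int, b: int) -> int:
    if b > a:
        raise Revert("underflow")
    return a - b


def split_rewards(balance: int, processor_rate: int, pod_rate: int):
    # Integer division truncates, exactly like uint256 division.
    processor_fees = checked_mul(balance, processor_rate) // DENOMINATOR
    pod_fees = checked_mul(balance, pod_rate) // DENOMINATOR
    # Same evaluation order as: balance - podFees - processorFees
    to_stakers = checked_sub(checked_sub(balance, pod_fees), processor_fees)
    return processor_fees, pod_fees, to_stakers


def first_reverting_balance(processor_rate: int, pod_rate: int, limit: int = 1000):
    """Smallest balance below `limit` for which the split reverts, or None."""
    for balance in range(limit):
        try:
            split_rewards(balance, processor_rate, pod_rate)
        except Revert:
            return balance
    return None


if __name__ == "__main__":
    print(split_rewards(0, 2_000, 3_000))            # zero balance, zero fees
    print(first_reverting_balance(2_000, 3_000))     # rates sum <= DENOMINATOR
    print(first_reverting_balance(60_000, 50_000))   # rates sum > DENOMINATOR
```

In this model the subtraction can only revert when the two fee rates together exceed `DENOMINATOR`, so the invariant worth checking is on the fee configuration rather than on `balance != 0`.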