hats-finance / StakeWise-0xd91cd6ed6c9a112fdc112b1a3c66e47697f522cd

Liquid staking protocol for Ethereum

OsToken::setCapacity() - L163: Unless it was intended to be able to set `capacity` to 0, e.g. for emergency or other scenarios, then there should be a check to avoid zero value assignment. #136

Open hats-bug-reporter[bot] opened 1 year ago

hats-bug-reporter[bot] commented 1 year ago

Github username: @dappconsulting

Submission hash (on-chain): 0xa01ed2f9efb22c5cc229db911375bdc18accea086d8d98d90112fc41aef12566

Severity: low

Description:

OsToken::setCapacity() - L163: Unless it was intended to be able to set capacity to 0, e.g. for emergency or other scenarios, then there should be a check to avoid zero value assignment.

https://github.com/stakewise/v3-core/blob/9c30c45878397aa97918cbafcc6a62e4be4bbd4d/contracts/osToken/OsToken.sol#L163

Recommendation:

Add above this line the below check:

```solidity
capacity = _capacity;
```

Check:

```solidity
if (_capacity == 0) revert Errors.ZeroValue();
```

Attack Scenario:

No exploit, but won't be able to mint OsToken if `capacity == 0`.


tsudmi commented 1 year ago

Yes, the capacity can be set to 0 for emergency