If the curve.length is too large, unit could round down to 0, the subsequent function call will revert. Users might fail to extendLock() or increaseLock() and suffer a loss.
Vulnerability Detail
There is no 0 value check for unit when update the curve. If the length of new curve is too large, unit = maxLockDuration / (curve.length - 1) could round down to 0.
Impact
Some functions call getMultiplier() will revet, such as deposit(), extendLock(), increaseLock(), causing DoS. If users can not extendLock() or increaseLock(), they might suffer a loss.
141345
medium
unit and curve.length need sanity check
Summary
If the curve.length is too large, unit could round down to 0, the subsequent function call will revert. Users might fail to
extendLock()orincreaseLock()and suffer a loss.Vulnerability Detail
There is no 0 value check for
unitwhen update thecurve. If the length of newcurveis too large,unit = maxLockDuration / (curve.length - 1)could round down to 0.Impact
Some functions call
getMultiplier()will revet, such asdeposit(),extendLock(),increaseLock(), causing DoS. If users can notextendLock()orincreaseLock(), they might suffer a loss.Code Snippet
https://github.com/sherlock-audit/2022-10-merit-circle/blob/main/merit-liquidity-mining/contracts/TimeLockPool.sol#L308
https://github.com/sherlock-audit/2022-10-merit-circle/blob/main/merit-liquidity-mining/contracts/TimeLockPool.sol#L233-L246
Tool used
Manual Review
Recommendation
Add 0 check for
unitwhen update thecurve.Duplicate of #10