New Beta Finance pool cannot be operated, freezing the rebalancing
Summary
When there is no shares issued for the pool yet, Beta Finance balanceUnderlying() will be reverted with division by zero, blocking Vault rebalancing.
Vulnerability Detail
If new Beta Finance pool is added to the Vault it will block the rebalancing as BetaProvider's balanceUnderlying() reverts when shares supply is zero.
Impact
Rebalancing will be frozen until this Beta pool be initiated somehow else. Vault cannot blacklist this Beta strategy as blacklistProtocol() relies on balanceUnderlying() as well.
Code Snippet
Beta balanceUnderlying() calculates balance by itself, but do not control for zero supply case:
hyh
medium
New Beta Finance pool cannot be operated, freezing the rebalancing
Summary
When there is no shares issued for the pool yet, Beta Finance balanceUnderlying() will be reverted with division by zero, blocking Vault rebalancing.
Vulnerability Detail
If new Beta Finance pool is added to the Vault it will block the rebalancing as BetaProvider's balanceUnderlying() reverts when shares supply is zero.
Impact
Rebalancing will be frozen until this Beta pool be initiated somehow else. Vault cannot blacklist this Beta strategy as blacklistProtocol() relies on balanceUnderlying() as well.
Code Snippet
Beta balanceUnderlying() calculates balance by itself, but do not control for zero supply case:
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Providers/BetaProvider.sol#L77-L92
totalSupply() == 0
is a valid case for new pools.balanceUnderlying() is used in Vault rebalancing:
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Vault.sol#L178-L203
It looks like strategy removal will be impossible also as it queries balanceUnderlying() and similarly be reverted:
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Vault.sol#L477-L483
Tool used
Manual Review
Recommendation
Since it is more low level implementation for Beta, it is needed to control for corner cases in BetaProvider:
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Providers/BetaProvider.sol#L77-L105