sherlock-audit / 2023-01-illuminate-judging

1 stars 0 forks source link

0xmuxyz - If `"0"` is assigned into the parameter `"a"` on `lend()` method for the Notional Protocol, the calculation of fee will results in `"underflow"` #40

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

0xmuxyz

medium

If "0" is assigned into the parameter "a" on lend() method for the Notional Protocol, the calculation of fee will results in "underflow"

Summary

If 0 is assigned into the parameter a on the lend() method for the Notional Protocol, the calculation of fee will results in underflow due to lack of input validation for an argument value of the parameter a .

Vulnerability Detail

For the moment, there is no input validation for an argument value that is assigned into the parameter a . Therefore, if 0 is assigned into the parameter a on the lend() method for the Notional Protocol, the calculation of fee ( uint256 fee = a / feenominator ) results in underflow . Lender.sol#L875-L889

    /// @dev lend method signature for Notional
    /// @param p principal value according to the MarketPlace's Principals Enum
    /// @param u address of an underlying asset
    /// @param m maturity (timestamp) of the market
    /// @param a amount of underlying tokens to lend
    /// @param r slippage limit, minimum amount to PTs to buy
    /// @return uint256 the amount of principal tokens lent out
    function lend(
        uint8 p,
        address u,
        uint256 m,
        uint256 a,  /// @audit - There is no input validation for this parameter inside this lend() method.
        uint256 r
    ) external nonReentrant unpaused(u, m, p) matured(m) returns (uint256) {
        ...

        // Determine the fee
        uint256 fee = a / feenominator;  /// @audit - This calculation will results in "underflow" if "0" is assigned into the parameter "a". 

Impact

Code Snippet

Tool used

Manual Review

Recommendation

Consider adding an input validation for checking whether or not the argument value of a is 0 like this:

    function lend(
        uint8 p,
        address u,
        uint256 m,
        uint256 a,  /// @audit - There is no input validation for this parameter inside this lend() method.
        uint256 r
    ) external nonReentrant unpaused(u, m, p) matured(m) returns (uint256) {
        require(a != 0, "a must be more than 0");
        ...
    }