search

sherlock-audit / 2023-02-surge-judging

4 stars 1 forks source link

Avci - the shares value might be incorrect if the _tokenamount was 0 #269

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

Avci

high

the shares value might be incorrect if the _tokenamount was 0

Summary

the shares value might be incorrect if the _tokenamount was 0

Vulnerability Detail

if the _tokenamount was zero it will cause such problems as division by zero because uint shares = _tokenAmount * _sharesTotalSupply / _supplied; 0*x = 0 / y => division by zero scenario

Impact

it can cause wrong logic calculations in shares value and can cause certain issues.

Code Snippet

 function tokenToShares (uint _tokenAmount, uint _supplied, uint _sharesTotalSupply, bool roundUpCheck) internal pure returns (uint) {
        if(_supplied == 0) return _tokenAmount;
        uint shares = _tokenAmount * _sharesTotalSupply / _supplied;
        if(roundUpCheck && shares * _supplied < _tokenAmount * _sharesTotalSupply) shares++;
        return shares;
    }

https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L199

Tool used

Manual Review

Recommendation

consider adding require to prevent zero in amount

Duplicate of #261