Avci - _receivePortfolio function will not be able to operate at first

[sherlock-admin]

Avci

medium

_receivePortfolio function will not be able to operate at first

Summary

_receivePortfolio function will not be able to operate at first

Vulnerability Detail

in contract Poolbalance.sol the require will fail, because at first portfolio mapping will be clear so the contract cannot receive a portfolio

 function _receivePortfolio(address token, address sender, uint256 amount) internal virtual {
        AddressUtils.checkNotZero(token);
        AddressUtils.checkNotZero(sender);
        _checkAmountPositive(amount);
        _require(sender != address(this), Errors.SENDER_INVALID);

        uint256 portfolio = _getPortfolio(token);
        _require(amount <= portfolio, Errors.AMOUNT_INVALID);

        _setPortfolio(token, portfolio - amount);

        IERC20(token).safeTransferFrom(sender, address(this), amount);

        emit PortfolioReceived(token, sender, amount);
    }

because of

 _require(amount <= portfolio, Errors.AMOUNT_INVALID);

Impact

in contract Poolbalance.sol the require will fail, because at first portfolio mapping will be clear so the contract cannot receive a portfolio

Code Snippet

function _receivePortfolio(address token, address sender, uint256 amount) internal virtual { AddressUtils.checkNotZero(token); AddressUtils.checkNotZero(sender); _checkAmountPositive(amount); _require(sender != address(this), Errors.SENDER_INVALID);

    uint256 portfolio = _getPortfolio(token);
    _require(amount <= portfolio, Errors.AMOUNT_INVALID);

    _setPortfolio(token, portfolio - amount);

    IERC20(token).safeTransferFrom(sender, address(this), amount);

    emit PortfolioReceived(token, sender, amount);
}

https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/PoolBalances.sol#L64-L79

Tool used

Manual Review

Recommendation

• consider having some initial portfoilo or changing the require logic