It needs to check if normalizedTargetUnit is zero in the `_isQuoteAssetExcessOrAtTarget` function

Summary

If the normalizedTargetUnit is zero, it will raise the overflow error in the approximatelyEquals function. This means all the associated functions could not be callable including bid, unlock.

Vulnerability Detail

https://github.com/sherlock-audit/2023-06-Index/blob/main/index-protocol/contracts/protocol/modules/v1/AuctionRebalanceModuleV1.sol#L1210-L1215

File: contracts/protocol/modules/v1/AuctionRebalanceModuleV1.sol#L1210-L1215
    function _isQuoteAssetExcessOrAtTarget(ISetToken _setToken) internal view returns (bool) {
        RebalanceInfo storage rebalance = rebalanceInfo[_setToken];
        bool isExcess = _getDefaultPositionRealUnit(_setToken, rebalance.quoteAsset) > _getNormalizedTargetUnit(_setToken, rebalance.quoteAsset);
        bool isAtTarget = _getDefaultPositionRealUnit(_setToken, rebalance.quoteAsset).approximatelyEquals(_getNormalizedTargetUnit(_setToken, rebalance.quoteAsset), 1); // @audit should be checked if it's not zero, otherwise, it will revert always
        return isExcess || isAtTarget;
    }

Impact

As a result, the associated functions including the bid, unlock, raiseAssetTargets, are prevented from functioning properly.

Code Snippet

https://github.com/sherlock-audit/2023-06-Index/blob/main/index-protocol/contracts/protocol/modules/v1/AuctionRebalanceModuleV1.sol#L1210-L1215 https://github.com/sherlock-audit/2023-06-Index/blob/main/index-protocol/contracts/lib/PreciseUnitMath.sol#L218

Tool used

Manual Review

Recommendation

Recommend adding the validation to check if the normalizedTargetUnit is zero

File: contracts/protocol/modules/v1/AuctionRebalanceModuleV1.sol#L1076-L1092
    function _isQuoteAssetExcessOrAtTarget(ISetToken _setToken) internal view returns (bool) {
        RebalanceInfo storage rebalance = rebalanceInfo[_setToken];
        bool isExcess = _getDefaultPositionRealUnit(_setToken, rebalance.quoteAsset) > _getNormalizedTargetUnit(_setToken, rebalance.quoteAsset);

        uint256 normalizedTargetUnit = _getNormalizedTargetUnit(_setToken, rebalance.quoteAsset);
        bool isAtTarget = (normalizedTargetUnit > 0) 
            ? _getDefaultPositionRealUnit(_setToken, rebalance.quoteAsset).approximatelyEquals(normalizedTargetUnit, 1)
            : _getDefaultPositionRealUnit(_setToken, rebalance.quoteAsset) == normalizedTargetUnit; 
        return isExcess || isAtTarget;
    }

sherlock-audit / 2023-06-Index-judging

blackhole - It needs to check if normalizedTargetUnit is zero in the `_isQuoteAssetExcessOrAtTarget` function #50

It needs to check if normalizedTargetUnit is zero in the `_isQuoteAssetExcessOrAtTarget` function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2023-06-Index-judging

blackhole - It needs to check if normalizedTargetUnit is zero in the `_isQuoteAssetExcessOrAtTarget` function #50

It needs to check if normalizedTargetUnit is zero in the _isQuoteAssetExcessOrAtTarget function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

It needs to check if normalizedTargetUnit is zero in the `_isQuoteAssetExcessOrAtTarget` function