sherlock-audit / 2023-06-Index-judging


Oxhunter526 - Division by Zero Error in Time Bucket Calculation #61

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

Oxhunter526

medium

Division by Zero Error in Time Bucket Calculation

Summary

The contract code contains a division by zero error in the calculation of the timeBucket variable, which can lead to unexpected behavior and a transaction revert.

Vulnerability Detail

In the getPrice function of the contract, the timeBucket is calculated by dividing the _timeElapsed by bucketSize as shown below:

uint256 timeBucket = _timeElapsed / bucketSize;

However, there is no validation to ensure that bucketSize is non-zero. If bucketSize is zero, the division operation will result in a division by zero error, causing the transaction to revert.

Impact

Transactions invoking the getPrice function with a bucketSize of zero will fail and revert, preventing the intended behavior of the contract.

Code Snippet

https://github.com/sherlock-audit/2023-06-Index/blob/main/index-protocol/contracts/protocol/integration/auction-price/BoundedStepwiseExponentialPriceAdapter.sol#L55

Tool used

Manual Review

Recommendation

require(bucketSize > 0, "BoundedStepwiseExponentialPriceAdapter: Invalid bucket size");
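
The failure mode described in the report above, shown in isolation as an added example (not part of the report and not the Index Protocol code). It puts the quoted division next to the recommended `require` and shows how the two reverts differ for a caller. The contract name, function names and the 0.8.x compiler version are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration, not the Index Protocol adapter. Contract and function
// names are hypothetical; only _timeElapsed, bucketSize and the require
// message come from the report. Assumes a 0.8.x compiler.
contract TimeBucketExample {
    // Division as quoted in the report, with no check on bucketSize.
    function timeBucketUnchecked(uint256 _timeElapsed, uint256 bucketSize)
        external pure returns (uint256)
    {
        return _timeElapsed / bucketSize; // bucketSize == 0 reverts with Panic(0x12)
    }

    // Same division behind the recommended require.
    function timeBucketChecked(uint256 _timeElapsed, uint256 bucketSize)
        external pure returns (uint256)
    {
        require(bucketSize > 0, "BoundedStepwiseExponentialPriceAdapter: Invalid bucket size");
        return _timeElapsed / bucketSize;
    }

    // How the unchecked failure looks to a caller: a Panic code, no reason string.
    function probeUnchecked(uint256 _timeElapsed, uint256 bucketSize)
        external view returns (string memory)
    {
        try this.timeBucketUnchecked(_timeElapsed, bucketSize) returns (uint256) {
            return "ok";
        } catch Error(string memory reason) {
            return reason;
        } catch Panic(uint256 code) {
            if (code == 0x12) return "Panic(0x12): division or modulo by zero";
            return "Panic: other code";
        }
    }

    // How the checked failure looks to a caller: Error(string) with the message.
    function probeChecked(uint256 _timeElapsed, uint256 bucketSize)
        external view returns (string memory)
    {
        try this.timeBucketChecked(_timeElapsed, bucketSize) returns (uint256) {
            return "ok";
        } catch Error(string memory reason) {
            return reason;
        } catch Panic(uint256) {
            return "Panic: unexpected";
        }
    }
}
```

Both paths revert when `bucketSize` is zero; the `require` changes only what the caller receives, a named reason instead of a bare panic code.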