search

sherlock-audit / 2023-10-real-wagmi-judging

16 stars 14 forks source link

Bauer - Missing check for `sqrtRatioAX96 > 0` #60

Closed sherlock-admin2 closed 11 months ago

sherlock-admin2 commented 11 months ago

Bauer

medium

Missing check for sqrtRatioAX96 > 0

Summary

When sqrtRatioAX96 is zero, it can lead to problematic calculations, such as division by zero or other errors. Uniswap V3 addresses a similar concern by incorporating a requirement require(sqrtRatioAX96 > 0), which ensures that sqrtRatioAX96 is always greater than zero.

Vulnerability Detail

In the LiquidityAmounts.getAmount0ForLiquidity() function, there is an issue with sqrtRatioAX96 not being checked for a value of 0 before performing calculations. If sqrtRatioAX96 is 0, it could lead to problematic calculations, possibly resulting in division by zero or other errors. In Uniswap V3, a similar calculation is safeguarded with the requirement require(sqrtRatioAX96 > 0) to ensure that sqrtRatioAX96 is not zero, preventing potential issues. The absence of such a check in this code could pose a risk in scenarios where sqrtRatioAX96 might become 0, and it's essential to validate this value to ensure the correctness and safety of the calculations.

function getAmount0ForLiquidity(
        uint160 sqrtRatioAX96,
        uint160 sqrtRatioBX96,
        uint128 liquidity
    ) internal pure returns (uint256 amount0) {
        if (sqrtRatioAX96 > sqrtRatioBX96)
            (sqrtRatioAX96, sqrtRatioBX96) = (sqrtRatioBX96, sqrtRatioAX96);

        return
            FullMath.mulDiv(
                uint256(liquidity) << FixedPoint96.RESOLUTION,
                sqrtRatioBX96 - sqrtRatioAX96,
                sqrtRatioBX96
            ) / sqrtRatioAX96;
    }

function getAmount0Delta(uint160 sqrtRatioAX96, uint160 sqrtRatioBX96, uint128 liquidity, bool roundUp)
        internal
        pure
        returns (uint256 amount0)
    {
        unchecked {
            if (sqrtRatioAX96 > sqrtRatioBX96) (sqrtRatioAX96, sqrtRatioBX96) = (sqrtRatioBX96, sqrtRatioAX96);

            uint256 numerator1 = uint256(liquidity) << FixedPoint96.RESOLUTION;
            uint256 numerator2 = sqrtRatioBX96 - sqrtRatioAX96;

            require(sqrtRatioAX96 > 0);

            return roundUp
                ? UnsafeMath.divRoundingUp(FullMath.mulDivRoundingUp(numerator1, numerator2, sqrtRatioBX96), sqrtRatioAX96)
                : FullMath.mulDiv(numerator1, numerator2, sqrtRatioBX96) / sqrtRatioAX96;
        }
    }

Impact

The absence of the check for sqrtRatioAX96 > 0 could lead to potential issues in the calculation process.

Code Snippet

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/abstract/LiquidityManager.sol#L129

Tool used

Manual Review

Recommendation

Implement a validation check to ensure that sqrtRatioAX96 is a positive value before performing any calculations that rely on it

sherlock-admin2 commented 11 months ago

1 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Low