AuditorPraise - if baseInputRatio == quoteInputRatio, there will be no `mintRatio` in GSPFunding.buyShares(), this will affect the shares minted for users.

[sherlock-admin2]

AuditorPraise

medium

if baseInputRatio == quoteInputRatio, there will be no mintRatio in GSPFunding.buyShares(), this will affect the shares minted for users.

Summary

The issues lies in the logic of GSPFunding.buyShares() as it misses an edge-case scenario when calculating mintRatio.

Vulnerability Detail

 uint256 mintRatio = quoteInputRatio < baseInputRatio ? quoteInputRatio : baseInputRatio;

The issue is that baseInputRatio could == quoteInputRatio, this is very possible when users transfer equal amount of baseToken and quoteToken.

Like take for example Dai and USDT pair which both have relatively the same value with USD $. Users could always decide to split their funds equally among the duo when buying shares.

Now since mintRatio value is gotten based on the inequality of quoteInputRatio and baseInputRatio, this could cause issues, as it will have null value.

Impact

Shares minted to users will be affected whenever baseInputRatio == quoteInputRatio. Medium severity due to this scenario being an edge case scenario.

This is an edge case scenario that is possible.

Code Snippet

https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPFunding.sol#L65-L76

Tool used

Manual Review

Recommendation

before calculating mintRatio here, check if baseInputRatio == quoteInputRatio. Then assign any of their values to mintRatio. This ensures that mintRatio always has a value.

[nevillehuang]

Invalid, mintRatio will be equal to baseInputRatio not null, so no issue here