bigbick123456789000 - Division by Zero Vulnerability in `MetaQuantsFactory` Contract

[sherlock-admin2]

bigbick123456789000

medium

Division by Zero Vulnerability in MetaQuantsFactory Contract

Summary

see below

Vulnerability Detail

The vulnerability arises in the MetaQuantsFactory contract within the _parsePrices function, specifically in the computation of the price when the exponent is less than zero. In this scenario, the code attempts to calculate significand.div(base), which can lead to a division by zero error.

Impact

The impact of this vulnerability is a potential runtime error due to division by zero. If the exponent is less than zero, indicating that base is larger than significand, attempting to execute significand.div(base) will result in a division by zero error. This error can cause the contract transaction to revert, disrupting the intended functionality and potentially leading to loss of gas fees.

Code Snippet

#L36-L60

Tool used

Manual Review

Recommendation

Add a check to ensure that division by zero does not occur. This can be achieved by verifying whether base is zero or non-zero before executing the division operation.

[sherlock-admin3]

2 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, base is 10**exponent, which can not be 0

0xAadi commented:

Invalid The smallest possible base value in this context would be 1

[nevillehuang]

Invalid, base will never be zero