potential temporary denial of service when adding the first pool with _allocPoint == 0
Summary
when creating the first pools by calling function add(uint256 _allocPoint, address _lpToken, string memory _description, bool _withUpdate) public onlyOwner returns (uint256), if the _allocPoint is set to 0, all future calls to function updatePool(uint256 _pid) public will fail.
Vulnerability Detail
when creating new pools the _allocPoint is added to the totalAllocPoint, if the first pool is created with _allocPoint = 0, the totalAllocPoint still remains 0.
in the function updatePool the pointReward is calculated as uint256 pointReward = blockMultiplier * _pointsPerBlock * _allocPoint / totalAllocPoint;
This raises a division by zero exception.
FonDevs
medium
potential temporary denial of service when adding the first pool with
_allocPoint == 0
Summary
when creating the first pools by calling
function add(uint256 _allocPoint, address _lpToken, string memory _description, bool _withUpdate) public onlyOwner returns (uint256)
, if the_allocPoint
is set to 0, all future calls tofunction updatePool(uint256 _pid) public
will fail.Vulnerability Detail
when creating new pools the
_allocPoint
is added to thetotalAllocPoint
, if the first pool is created with_allocPoint
= 0, thetotalAllocPoint
still remains 0. in thefunction updatePool
the pointReward is calculated asuint256 pointReward = blockMultiplier * _pointsPerBlock * _allocPoint / totalAllocPoint;
This raises a division by zero exception.Impact
all calls to
function updatePool
revertCode Snippet
https://github.com/sherlock-audit/2024-05-sophon/blob/main/farming-contracts/contracts/farm/SophonFarming.sol#L153
Tool used
Manual Review
Recommendation
prevent creating pools with
_allocPoint
== 0.