sherlock-audit / 2024-06-leveraged-vaults-judging


4b - DOS in `BaseStakingVault::convertStrategyToUnderlying()` #108

Closed sherlock-admin3 closed 2 months ago

sherlock-admin3 commented 2 months ago

4b

Medium

DOS in BaseStakingVault::convertStrategyToUnderlying()

Summary

In `BaseStakingVault::convertStrategyToUnderlying()`, this line can result in a division by zero, which will result in Solidity reverts, causing DOS.

Vulnerability Detail

In `BaseStakingVault::convertStrategyToUnderlying()`, on line 80, we can read a comment which says `vaultSharesNotInWithdrawQueue` can be 0. Going forward, `vaultSharesNotInWithdrawQueue` is used to calculate `vaultSharesValue` like this:

```solidity
uint256 vaultSharesValue = (vaultSharesNotInWithdrawQueue * stakeAssetPrice * BORROW_PRECISION) /
    (uint256(Constants.INTERNAL_TOKEN_PRECISION) * Constants.EXCHANGE_RATE_PRECISION);
```

So whenever `vaultSharesNotInWithdrawQueue=0`, as commented, the `vaultSharesValue` will revert because it will be a division by zero, which automatically reverts in Solidity.

Impact

Division by zero errors will lead to DOS

Code Snippet

```solidity
function convertStrategyToUnderlying(
    address account,
    uint256 vaultShares,
    uint256 /* maturity */
) public virtual override view returns (int256 underlyingValue) {
    uint256 stakeAssetPrice = uint256(getExchangeRate(0));

    WithdrawRequest memory w = getWithdrawRequest(account);
    uint256 withdrawValue = _calculateValueOfWithdrawRequest(
        w, stakeAssetPrice, BORROW_TOKEN, REDEMPTION_TOKEN
    );
    //@audit
    // This should always be zero if there is a withdraw request.
    uint256 vaultSharesNotInWithdrawQueue = (vaultShares - w.vaultShares);

    //@audit
    uint256 vaultSharesValue = (vaultSharesNotInWithdrawQueue * stakeAssetPrice * BORROW_PRECISION) /
        (uint256(Constants.INTERNAL_TOKEN_PRECISION) * Constants.EXCHANGE_RATE_PRECISION);
    return (withdrawValue + vaultSharesValue).toInt();
}
```

Tool used

Manual Review

Recommendation

Implement logic to handle division by zero situations

sherlock-admin4 commented 2 months ago

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

Not possible because the denominator is made up of constants
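
A Python model of the `vaultSharesValue` expression quoted in the report, added here as an illustration; it is not code from the repository or from any commenter. It mimics Solidity's checked `uint256` multiplication and division to show which operand triggers the division-by-zero revert; the three precision values are assumed placeholders, since the page does not state them.

```python
UINT256_MAX = 2**256 - 1

class Panic(Exception):
    """Stand-in for a Solidity Panic(uint256) revert."""
    def __init__(self, code):
        super().__init__(hex(code))
        self.code = code

def checked_mul(a, b):
    """uint256 multiplication with overflow check (Panic 0x11)."""
    result = a * b
    if result > UINT256_MAX:
        raise Panic(0x11)
    return result

def checked_div(a, b):
    """uint256 division; only a zero divisor reverts (Panic 0x12)."""
    if b == 0:
        raise Panic(0x12)
    return a // b

# Assumed placeholder values, not taken from the page.
BORROW_PRECISION = 10**18
INTERNAL_TOKEN_PRECISION = 10**8
EXCHANGE_RATE_PRECISION = 10**18

def vault_shares_value(shares_not_in_queue, stake_asset_price,
                       internal_precision=INTERNAL_TOKEN_PRECISION,
                       rate_precision=EXCHANGE_RATE_PRECISION):
    """Same operand order as the expression in the report."""
    numerator = checked_mul(
        checked_mul(shares_not_in_queue, stake_asset_price), BORROW_PRECISION)
    denominator = checked_mul(internal_precision, rate_precision)
    return checked_div(numerator, denominator)

def revert_code(*args):
    """Return the panic code raised for the given inputs, or None."""
    try:
        vault_shares_value(*args)
    except Panic as panic:
        return panic.code
    return None

if __name__ == "__main__":
    # Zero shares outside the withdraw queue: numerator is 0, no revert.
    print(vault_shares_value(0, 10**18), revert_code(0, 10**18))
    # A zero denominator term is what produces Panic 0x12.
    print(hex(revert_code(5 * 10**8, 10**18, 0, 10**18)))
```
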