The provided LibVault library contains several arithmetic operations. While Solidity 0.8 and later versions have built-in overflow and underflow checks, it's crucial to ensure that all arithmetic operations are safe and do not lead to unintended consequences.
Unchecked Arithmetic Operations: The library uses unchecked arithmetic operations in multiple places. While Solidity 0.8 has built-in overflow and underflow checks, using unchecked operations bypasses these checks. This can lead to vulnerabilities if not handled correctly.
Potential for Division by Zero: In the updateYield function, there is a division operation yield.divU80(zethCollateral). If zethCollateral is zero, this will throw an error.
Unchecked Arithmetic: Bypassing the built-in overflow and underflow checks can lead to vulnerabilities where values wrap around, leading to unexpected behavior in the contract.
Division by Zero: If not handled, this can cause the contract to revert, potentially disrupting its normal operation.
Manual code review
Use Checked Arithmetic: Even though Solidity 0.8 has built-in checks, it's a good practice to be explicit about potential overflows and underflows. Consider using the SafeMath library or ensure that you're not bypassing Solidity's checks without a good reason.
Handle Division by Zero: Before performing a division, always check if the denominator is zero. If it is, handle the error gracefully, either by reverting with a clear error message or by providing a fallback mechanism.
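The two recommendations above, sketched as an added example that is not taken from LibVault: only updateYield, divU80 and zethCollateral appear in the finding, and every other name, the 1e18 scale and the body of divU80 are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Added illustration, not the LibVault source. Library, error and function
// names other than divU80 are hypothetical.
library YieldMathExample {
    error ZeroCollateral();
    error RateOverflow();

    uint256 private constant WAD = 1e18; // assumed fixed-point scale

    // Hypothetical stand-in for divU80: scaled division narrowed to uint80.
    function divU80(uint256 a, uint256 b) internal pure returns (uint80) {
        // Division by zero reverts with Panic(0x12) even inside `unchecked`;
        // the explicit guard gives callers a named, decodable error instead.
        if (b == 0) revert ZeroCollateral();
        uint256 q = (a * WAD) / b; // checked: a * WAD reverts on overflow
        // Explicit casts truncate silently in 0.8, so bound-check first.
        if (q > type(uint80).max) revert RateOverflow();
        return uint80(q);
    }

    // Shape of the division described in updateYield (arguments assumed).
    function accrue(uint80 rate, uint256 yieldAmount, uint256 zethCollateral)
        internal
        pure
        returns (uint80 newRate)
    {
        uint80 delta = divU80(yieldAmount, zethCollateral);
        // Checked addition: reverts if the running rate would exceed uint80.
        newRate = rate + delta;
    }

    // `unchecked` confined to one step whose bound is enforced just before it.
    function remaining(uint256 total, uint256 claimed)
        internal
        pure
        returns (uint256 r)
    {
        require(claimed <= total, "claimed > total");
        unchecked {
            // Without the require above this would wrap to a value near
            // 2**256 instead of reverting.
            r = total - claimed;
        }
    }
}
```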