This report identifies a critical vulnerability in the LiquidationPool.sol contract that can cause a division by zero error and potentially halt the execution of the contract or produce incorrect results.
The vulnerability is located on three lines of code (88, 219, and 221), where a division is performed without checking whether the divisor is zero. This can happen if the input values are zero, or if getTstTotal(), stakeTotal(), or _collateralRate is zero. The contract does not handle these edge cases and does not revert or throw an exception in case of a division by zero.
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/LiquidationPool.sol#L88
The impact of this vulnerability is high, as it can affect the functionality and security of the contract. A division by zero can cause the contract to revert or return an invalid value, which can lead to unexpected behavior or loss of funds. For example, if line 88 is executed with a zero value for getTstTotal(), the _position.EUROs will be set to zero, which can affect the balance and liquidity of the pool. Similarly, if line 219 or 221 is executed with a zero value for stakeTotal() or _collateralRate, the asset.amount or _hundredPC will be divided by zero, which can result in an overflow or underflow of the uint256 type.
Manual code review
To prevent this vulnerability, it is recommended to add a require statement or a modifier to check if the divisor is greater than zero before performing the division operation.
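The recommended guard, sketched as an added example that is not code from LiquidationPool.sol: the contract name, function names, parameters, formula shapes and compiler version are assumptions chosen to mirror the divisors named in the report (a pool total and a collateral rate).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17; // assumed compiler version, not taken from the report

/// Added illustration only. Names and formulas are hypothetical and are not
/// copied from the audited contract.
contract GuardedDivisionExample {
    /// Modifier form of the check: rejects the call before the function
    /// body (and therefore the division) is reached.
    modifier nonZero(uint256 divisor, string memory what) {
        require(divisor > 0, what);
        _;
    }

    /// Pro-rata share of `amount` for a holder of `stake` out of `total`.
    /// `total` plays the role of getTstTotal() / stakeTotal() in the report.
    function proRata(uint256 amount, uint256 stake, uint256 total)
        public
        pure
        nonZero(total, "proRata: total is zero")
        returns (uint256)
    {
        return (amount * stake) / total;
    }

    /// Inline require form of the same check.
    /// `hundredPC` and `collateralRate` play the roles of _hundredPC and
    /// _collateralRate in the report.
    function scaleByCollateralRate(
        uint256 value,
        uint256 hundredPC,
        uint256 collateralRate
    ) public pure returns (uint256) {
        require(collateralRate > 0, "scale: collateralRate is zero");
        return (value * hundredPC) / collateralRate;
    }

    /// Alternative for read-only views: return zero for an empty pool
    /// instead of rejecting the call, so callers can still query positions.
    function proRataOrZero(uint256 amount, uint256 stake, uint256 total)
        public
        pure
        returns (uint256)
    {
        if (total == 0) return 0;
        return (amount * stake) / total;
    }
}
```

Whether a zero divisor should reject the call or yield a zero share is a design decision per call site; the view-style variant suits balance queries, while state-changing distribution logic is usually better served by the explicit check.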