DeFiHardhat
12,000 USDC
Submission Details
Severity: low
Invalid

`MultiFlowPump` assumes non-zero `reserves` but does not enforce it strictly in all cases

Summary

In the `_init()` function, there is a loop that checks if `_reserve` is zero and returns if so, but this check is not present in other functions that also handle reserves, such as `readInstantaneousReserves()`, `readCappedReserves()`, and others. This inconsistency could lead to unexpected behavior if zero reserves are encountered outside of initialization.

Vulnerability Details

Here's the relevant part from _init():

```solidity
for (uint256 i; i < numberOfReserves; ++i) {
    uint256 _reserve = reserves[i];
    if (_reserve == 0) return;
    byteReserves[i] = _reserve.fromUIntToLog2();
}
```

In other functions there is no explicit check for zero reserves before proceeding with calculations that assume non-zero values.

Impact

This could potentially lead to incorrect calculations or other unintended effects.

Tools Used

Manual Review

Recommendations

Add a check after retrieving the current reserves. If any reserve is zero, the function could revert or handle it according to the intended logic.
This approach prevents any subsequent calculations from being performed with a zero reserve, which could lead to incorrect results or mathematical errors.
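
The two handling options named in the recommendation (revert, or handle the zero case as the early return in `_init()` does) are sketched below as an added example; it is not code from MultiFlowPump or the submission. All names (`ReserveGuard`, `ZeroReserve`, `floorLog2`, `ReserveReaderExample`) are hypothetical, and `floorLog2` is an integer stand-in for the pump's log conversion, not its real implementation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name here is hypothetical and none of it is MultiFlowPump code.
library ReserveGuard {
    error ZeroReserve(uint256 index);

    // Strict policy: revert, naming the offending index.
    function requireNonZero(uint256[] memory reserves) internal pure {
        for (uint256 i; i < reserves.length; ++i) {
            if (reserves[i] == 0) revert ZeroReserve(i);
        }
    }

    // Lenient policy: report the condition and let the caller skip the update.
    function hasZero(uint256[] memory reserves) internal pure returns (bool) {
        for (uint256 i; i < reserves.length; ++i) {
            if (reserves[i] == 0) return true;
        }
        return false;
    }

    // Integer floor(log2(x)), a stand-in for a log conversion.
    // It returns 0 for x == 0, which is indistinguishable from x == 1.
    function floorLog2(uint256 x) internal pure returns (uint256 r) {
        while (x > 1) { x >>= 1; ++r; }
    }
}

contract ReserveReaderExample {
    // Validates every reserve before converting any of them.
    function strictLogReserves(uint256[] calldata reserves) external pure returns (uint256[] memory logs) {
        uint256[] memory r = reserves;
        ReserveGuard.requireNonZero(r);
        logs = new uint256[](r.length);
        for (uint256 i; i < r.length; ++i) logs[i] = ReserveGuard.floorLog2(r[i]);
    }

    // Returns ok == false and an empty array when any reserve is zero.
    function lenientLogReserves(uint256[] calldata reserves) external pure returns (bool ok, uint256[] memory logs) {
        uint256[] memory r = reserves;
        if (ReserveGuard.hasZero(r)) return (false, logs);
        logs = new uint256[](r.length);
        for (uint256 i; i < r.length; ++i) logs[i] = ReserveGuard.floorLog2(r[i]);
        ok = true;
    }
}
```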

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Informational/Invalid
