DeFiHardhat
12,000 USDC
Submission Details
Severity: low
Invalid

Unexpected Revert Due to Zero Denominator in the contract `LibMath.sol`

Summary

This report describes a potential issue in the roundUpDiv function of the contract LibMath.sol. The function is designed to perform division operations and round the results up. However, it lacks an explicit check for division by zero, relying on Solidity's default behaviour to revert transactions in such cases. This report details the implications of this behaviour, the tools used to analyse the issue, and provides recommendations for enhancing the contract's safety and clarity.

Vulnerability Details

The roundUpDiv function is intended to calculate the ceiling of the division between two unsigned integers a and b. The formula used is (a - 1) / b + 1. Critically, the function does not contain a conditional check for b == 0 before performing the division. In Solidity, dividing by zero triggers a transaction revert, but the absence of a customized revert message or explicit handling in the function could lead to less informative error handling and debugging challenges.

The relevant function signature is:

    function roundUpDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) return 0;
        return (a - 1) / b + 1; // @audit-issue Potential for division by zero
    }

Proof of Concept (PoC)

The issue is demonstrated by the following test case, which intentionally triggers a division by zero to observe the contract's response:

    function test_roundUpDiv_revertIf_denomIsZero() public {
        vm.expectRevert();
        LibMath.roundUpDiv(1, 0);
    }

This test confirms that the contract reverts when b is zero, as expected under Solidity's rules, but also highlights the lack of explicit error messaging, which could obscure the source of errors in more complex transactions.

Impact

The primary impact of this issue is related to developer experience and operational clarity. While the Ethereum Virtual Machine (EVM) handles division by zero errors by reverting the transaction, the lack of an explicit check and error message can make it harder for developers to understand and diagnose issues during development and in production environments. This can lead to increased development costs and potential delays.

Furthermore, relying on the EVM's default revert mechanism without specific error messages can obscure the source of errors in complex transactions, reducing the auditability and maintainability of the contract.

Tools Used

  • Manual Review

Recommendations

To mitigate the risks associated with this issue and improve the contract's robustness and developer experience, the following recommendations are proposed:

  1. Explicit Division by Zero Checks: Modify the roundUpDiv function to include an explicit check for b != 0. Implement a custom revert message to provide clearer feedback when a division by zero attempt occurs.

    function roundUpDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b != 0, "roundUpDiv: division by zero");
        if (a == 0) return 0;
        return (a - 1) / b + 1;
    }
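
The revert data each variant produces, as an added Foundry test (not code from the report or the project). It assumes forge-std and Solidity 0.8 or later; `RoundUpDivHarness`, `original` and `checked` are hypothetical names wrapping the two function bodies shown above. It also covers the input a == 0, b == 0, which the two variants treat differently.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Test} from "forge-std/Test.sol";

// Hypothetical harness (not project code): both variants from the report, exposed
// externally so vm.expectRevert sees the revert on an external call.
contract RoundUpDivHarness {
    // Quoted variant: no check on b.
    function original(uint256 a, uint256 b) external pure returns (uint256) {
        if (a == 0) return 0;
        return (a - 1) / b + 1;
    }

    // Recommended variant: explicit require before anything else.
    function checked(uint256 a, uint256 b) external pure returns (uint256) {
        require(b != 0, "roundUpDiv: division by zero");
        if (a == 0) return 0;
        return (a - 1) / b + 1;
    }
}

contract RoundUpDivTest is Test {
    RoundUpDivHarness internal h;

    function setUp() public {
        h = new RoundUpDivHarness();
    }

    // Solidity >= 0.8 reverts with Panic(0x12) when the divisor is zero.
    function test_original_panicsOnZeroDenominator() public {
        vm.expectRevert(abi.encodeWithSignature("Panic(uint256)", 0x12));
        h.original(1, 0);
    }

    // a == 0 returns before the division, so (0, 0) yields 0 instead of reverting.
    function test_original_zeroOverZeroReturnsZero() public {
        assertEq(h.original(0, 0), 0);
    }

    // The require runs first, so Error(string) is returned for any a, including 0.
    function test_checked_revertsWithMessage() public {
        vm.expectRevert(bytes("roundUpDiv: division by zero"));
        h.checked(1, 0);
        vm.expectRevert(bytes("roundUpDiv: division by zero"));
        h.checked(0, 0);
    }
}
```
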
Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational/Invalid
