The SablierV2NFTDescriptor contract contains a division operation that lacks a check for zero values in the divisor, potentially causing the function to revert if a zero value is passed as input.
The vulnerability is located in the SablierV2NFTDescriptor.sol file. Specifically, there is a division operation that uses the depositedAmount variable as the divisor without verifying that it is non-zero. If depositedAmount is zero, the function will revert due to a division by zero error.
The impact of this vulnerability is that any call to this function with a depositedAmount of zero will revert, potentially disrupting the intended functionality and flow of the contract. This can lead to unexpected failures and a poor user experience.
Manual code review
Add a zero check: Implement a check to ensure depositedAmount is not zero before performing the division. If depositedAmount is zero, handle the case appropriately, either by returning a default value or by reverting with a clear error message.
Example:
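One way to write the recommended check, shown as an added illustration rather than code from the Sablier repository. The library, function and error names and the basis-point scaling are assumptions made for this sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustrative library: every name here is hypothetical, not the project's own code.
library StreamedPercentageExample {
    /// Custom error for the "revert with a clear error message" option.
    error DepositedAmountZero();

    /// Unguarded form described in the finding: when depositedAmount == 0 the
    /// division reverts with Panic(0x12), which tells the caller nothing useful.
    function unguarded(uint128 streamedAmount, uint128 depositedAmount)
        internal
        pure
        returns (uint256)
    {
        return (uint256(streamedAmount) * 10_000) / depositedAmount;
    }

    /// Option 1: return a default value (0 basis points) when nothing was deposited.
    function withDefault(uint128 streamedAmount, uint128 depositedAmount)
        internal
        pure
        returns (uint256)
    {
        if (depositedAmount == 0) {
            return 0;
        }
        return (uint256(streamedAmount) * 10_000) / depositedAmount;
    }

    /// Option 2: revert explicitly so callers and off-chain tooling see the reason.
    function withRevert(uint128 streamedAmount, uint128 depositedAmount)
        internal
        pure
        returns (uint256)
    {
        if (depositedAmount == 0) {
            revert DepositedAmountZero();
        }
        return (uint256(streamedAmount) * 10_000) / depositedAmount;
    }
}
```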