Sablier

DeFiFoundry

53,440 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Potential Division by Zero in calculateStreamedPercentage Function

lordofterra

Vulnerability Details

The calculateStreamedPercentage function calculates the percentage of the deposited amount that has been streamed so far. However, it does not explicitly handle the case where depositedAmount is zero, which can lead to a division by zero error.

function calculateStreamedPercentage(uint128 streamedAmount, uint128 depositedAmount) internal pure returns (uint256) {

// This cannot overflow because both inputs are uint128s, and zero deposit amounts are not allowed in Sablier.

unchecked {

return streamedAmount * 10_000 / depositedAmount;

}

Proof of Concept

Consider a function tokenURI that generates metadata for an NFT. If calculateStreamedPercentage is called within this function and the depositedAmount is zero, the function will revert, causing the entire metadata generation process to fail.

Impact

If depositedAmount is zero, the division operation will cause the transaction to revert, leading to potential disruptions in the contract's functionality.
Users might experience failed transactions without a clear understanding of the cause, leading to confusion and frustration.

Tools Used

manual review

Recommendations

Ensure that depositedAmount is greater than zero before performing the division.

Here is an updated version of the calculateStreamedPercentage function that includes a check for zero depositedAmount:

function calculateStreamedPercentage(uint128 streamedAmount, uint128 depositedAmount) internal pure returns (uint256) {

require(depositedAmount > 0, "Deposited amount must be greater than zero");

// This cannot overflow because both inputs are uint128s, and zero deposit amounts are not allowed in Sablier.

unchecked {

return (streamedAmount * 10_000) / depositedAmount;

}

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

53,440 USDC

nSLOC

2,655

20 USDC / LOC

High Medium

45,000 USDC

Low

3,100 USDC

Judges

5,340 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.