Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: medium
Invalid

Potential Division by Zero Vulnerability

Summary

When importing from the PRB library as below:

```solidity
import { SD59x18 } from "@prb/math/src/SD59x18.sol";
```

the library has some rules that are to be followed, i.e.:

- The denominator must not be zero.

Vulnerability Details

Consider the following code:

```solidity
// Divide the elapsed time by the total duration of the segment.
SD59x18 elapsedTimePercentage = elapsedTime.div(segmentDuration);
```

However, there is no check to ensure the segment duration is never 0. If the segment duration becomes zero due to certain conditions or configurations, a division by zero error could occur during the calculation process. This would result in a transaction revert, disrupting the contract's normal operation and potentially causing financial loss.

Impact

Division by zero errors

(PoC):
The vulnerability arises when the segment duration (segmentDuration) becomes zero.
For instance, if the timestamps used to calculate segment duration end up being equal, the division operation elapsedTime.div(segmentDuration) would result in a division by zero error.

Tools Used

Manual review

Recommendations

Input Validation: Ensure that segment durations are always non-zero when configuring segments.
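
One way to enforce the recommendation above at stream-creation time, as an added example that is not part of the submission or of the Sablier code base. The library, error and function names are hypothetical; only the `SD59x18` import path and the `div` call come from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.19;

import { SD59x18, sd } from "@prb/math/src/SD59x18.sol";

/// Hypothetical helper (illustration only): rejects segment schedules that
/// would produce a zero-length segment, so the later division is always safe.
library SegmentGuard {
    error SegmentGuard_NoSegments();
    error SegmentGuard_StartNotBeforeFirst(uint40 startTime, uint40 firstTimestamp);
    error SegmentGuard_TimestampsNotOrdered(uint256 index, uint40 previous, uint40 current);

    /// Reverts unless startTime < timestamps[0] < timestamps[1] < ...
    /// Strict ordering means every (timestamps[i] - previous) is at least 1.
    function checkTimestamps(uint40 startTime, uint40[] memory timestamps) internal pure {
        uint256 count = timestamps.length;
        if (count == 0) revert SegmentGuard_NoSegments();
        if (startTime >= timestamps[0]) {
            revert SegmentGuard_StartNotBeforeFirst(startTime, timestamps[0]);
        }
        uint40 previous = timestamps[0];
        for (uint256 i = 1; i < count; ++i) {
            uint40 current = timestamps[i];
            // Equal timestamps are rejected too: they are the zero-duration case.
            if (current <= previous) {
                revert SegmentGuard_TimestampsNotOrdered(i, previous, current);
            }
            previous = current;
        }
    }

    /// Fraction of the segment [previous, end] elapsed at `currentTime`.
    /// Assumes the schedule passed checkTimestamps, so end > previous, and
    /// that previous <= currentTime (checked subtraction reverts otherwise).
    function elapsedPercentage(uint40 previous, uint40 end, uint40 currentTime)
        internal
        pure
        returns (SD59x18)
    {
        // Both operands are wrapped with the same scale, so the ratio is correct.
        SD59x18 elapsedTime = sd(int256(uint256(currentTime - previous)));
        SD59x18 segmentDuration = sd(int256(uint256(end - previous)));
        // Divide the elapsed time by the total duration of the segment.
        return elapsedTime.div(segmentDuration);
    }
}
```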

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
