Submission Details
Severity:
`calculateSopPerWell` will revert in some case
Summary
calculateSopPerWell will revert in some case.
Vulnerability Details
uint256 shaveToLevel = totalNegativeDeltaB / positiveDeltaBCount;
// Loop through positive deltaB wells starting at the highest, re-use the deltaB value slot
// as reduction amount (amount of beans to flood per well).
for (uint256 i = positiveDeltaBCount; i > 0; i--) {
if (shaveToLevel > uint256(wellDeltaBs[i - 1].deltaB)) {
@ shaveToLevel += (shaveToLevel - uint256(wellDeltaBs[i - 1].deltaB)) / (i - 1);
// amount to sop for this well must be zero
wellDeltaBs[i - 1].deltaB = 0;
} else {
wellDeltaBs[i - 1].deltaB = wellDeltaBs[i - 1].deltaB - int256(shaveToLevel);
}
}
if shaveToLevel - uint256(wellDeltaBs[i - 1].deltaB) < i-1, division will revert. This function will revert.
For example:
LibFlood.WellDeltaB[] memory wellDeltaBs = new LibFlood.WellDeltaB[](7);
wellDeltaBs[0].deltaB = 90;
wellDeltaBs[1].deltaB = 80;
wellDeltaBs[2].deltaB = 70;
wellDeltaBs[3].deltaB = 60;
wellDeltaBs[4].deltaB = 50;
wellDeltaBs[5].deltaB = 19;
wellDeltaBs[6].deltaB = -120;
In this case, shaveToLevel = 120/6 = 20.
shaveToLevel - wellDeltaBs[5].deltaB = 20 - 19 = 1 < 5, division will revert.
Impact
Can't sop well in some case.
Tools Used
manual
Recommendations
+ if (shaveToLevel > uint256(wellDeltaBs[i - 1].deltaB)+i-1) {
_ if (shaveToLevel > uint256(wellDeltaBs[i - 1].deltaB)) {
shaveToLevel += (shaveToLevel - uint256(wellDeltaBs[i - 1].deltaB)) / (i - 1);
// amount to sop for this well must be zero
wellDeltaBs[i - 1].deltaB = 0;
} else {
wellDeltaBs[i - 1].deltaB = wellDeltaBs[i - 1].deltaB - int256(shaveToLevel);
}
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.