First Flight #18: T-Swap
First Flight #18
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Zero Check on Input Reserves in getInputAmountBasedOnOutput

josh4324

Summary

The getInputAmountBasedOnOutput function does not implement a check for zero values in the input reserves. This can result in division by zero errors, leading to potential contract failure and unexpected behavior.

Vulnerability Details

In automated market makers (AMMs) like Uniswap, it is crucial to ensure that reserve values are non-zero before performing arithmetic operations. The absence of zero checks for input reserves in the getInputAmountBasedOnOutput function can lead to division by zero errors, causing transactions to revert and potentially halting contract operations.

Impact

Transaction Failures: Any transaction that calls this function with zero input reserves will revert due to division by zero.

Tools Used

Manual Review

Recommendations

  1. Implement Zero Checks: Update the getInputAmountBasedOnOutput function to include checks ensuring that input reserves are greater than zero before performing calculations.

  2. Input Validation: Validate all inputs thoroughly to prevent similar issues across the contract.

function getInputAmountBasedOnOutput(
uint256 outputAmount,
uint256 inputReserves,
uint256 outputReserves
)
public
pure
revertIfZero(outputAmount)
revertIfZero(outputReserves)
+ revertIfZero(inputReserves)
returns (uint256 inputAmount)
{
return (inputReserves * outputAmount * 1000) / ((outputReserves - outputAmount) * 997);
}
Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.