First Flight #18: T-Swap

Submission Details
Severity: high
Invalid

Lack of a zero-division check in `TSwapPool::getInputAmountBasedOnOutput` could cause the function to fail to return a value

Summary

In `TSwapPool::getInputAmountBasedOnOutput`, there are checks to ensure that `outputAmount` and `outputReserves` are not zero, but there is no check to ensure `outputAmount != outputReserves`. The lack of this check could lead to a division-by-zero error and cause the function to revert and fail.

Vulnerability Details

The denominator of the return formula in `TSwapPool::getInputAmountBasedOnOutput` is `((outputReserves - outputAmount) * 997)`. If `outputAmount == outputReserves`, the denominator is zero, which leads to a division-by-zero error and causes the function to revert and fail.
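
The failing input described above, plus the inputs on either side of it, as an added Foundry test that is not part of the submission or the T-Swap code base. It assumes Solidity 0.8 checked arithmetic and forge-std; `FormulaHarness`, the test names and the reserve values are constructed for illustration, and the `outputAmount > outputReserves` case goes beyond the one in the text.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test, stdError} from "forge-std/Test.sol";

// Hypothetical harness: the return formula is copied from the report; the
// revertIfZero modifiers are left out because their bodies are not shown.
contract FormulaHarness {
    function getInputAmountBasedOnOutput(
        uint256 outputAmount,
        uint256 inputReserves,
        uint256 outputReserves
    ) public pure returns (uint256 inputAmount) {
        return
            ((inputReserves * outputAmount) * 10000) /
            ((outputReserves - outputAmount) * 997);
    }
}

contract FormulaEdgeCasesTest is Test {
    FormulaHarness internal harness;
    // Constructed sample reserves, not taken from a deployed pool.
    uint256 internal constant IN_RES = 100e18;
    uint256 internal constant OUT_RES = 50e18;

    function setUp() public {
        harness = new FormulaHarness();
    }

    // outputAmount == outputReserves: denominator is 0 -> Panic(0x12)
    function test_equalReserves_dividesByZero() public {
        vm.expectRevert(stdError.divisionError);
        harness.getInputAmountBasedOnOutput(OUT_RES, IN_RES, OUT_RES);
    }

    // outputAmount > outputReserves: subtraction underflows -> Panic(0x11)
    function test_aboveReserves_underflows() public {
        vm.expectRevert(stdError.arithmeticError);
        harness.getInputAmountBasedOnOutput(OUT_RES + 1, IN_RES, OUT_RES);
    }

    // One wei below the reserves succeeds; the quoted input is enormous.
    function test_justBelowReserves_returnsLargeQuote() public {
        uint256 quote = harness.getInputAmountBasedOnOutput(OUT_RES - 1, IN_RES, OUT_RES);
        assertGt(quote, IN_RES);
    }
}
```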

Impact

The function will revert and fail with a division-by-zero error when a user passes an `outputAmount` equal to `outputReserves`.

Tools Used

Manual review

Recommendations

Add an additional check to `TSwapPool::getInputAmountBasedOnOutput` as follows:

function getInputAmountBasedOnOutput(
uint256 outputAmount,
uint256 inputReserves,
uint256 outputReserves
)
public
pure
revertIfZero(outputAmount)
revertIfZero(outputReserves)
returns (uint256 inputAmount)
{
+ if (outputAmount == outputReserves) {
+ revert("outputAmount can not be the same as outputReserve");
+ }
return
((inputReserves * outputAmount) * 10000) /
((outputReserves - outputAmount) * 997);
}
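
Review bot: The added guard at the top of the body only rejects `outputAmount == outputReserves`; for `outputAmount > outputReserves` the `outputReserves - outputAmount` term in the denominator is still unguarded. Comparing with `>=` would let one check cover both cases. The revert string also says `outputReserve` while the parameter is named `outputReserves`, and since the existing guards on this function are modifiers (`revertIfZero`), a modifier or custom error would fit its style better than an inline string revert.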
Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
