TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Math Error - minting will fail if mint denominator is to 0

Baptizer

Summary

There is a math problem in the contract, which was unchecked. It is about the denominator of the vesting factor - _factor.denominator

Vulnerability Details

This vulnerability is in the mint function:

function mint() external override onlyArbitrum {
VestingFactor memory vestingFactorCache = vestingFactor;
DistributionParams storage distributionParamsCache = distributionParams;
if (vestingFactorCache.numerator == 0) { revert ITempleGold.MissingParameter(); }
uint256 mintAmount = _getMintAmount(vestingFactorCache);
/// @dev no op silently
if (!_canDistribute(mintAmount)) { return; }
lastMintTimestamp = uint32(block.timestamp);
_distribute(distributionParamsCache, mintAmount);
}

The user will have to set the fraction of their vestingFactorCache. Due to naivety or any other reason, a user can set their denominator to 0.

In maths, every number with an undefined denominator is assumed to have a denominator of 1. For example, number 8is simply the same as 8 / 1.

But now 8 / 0in the usual Base 10 will result in a total math error, and not even any number at all.

Math PoC Applied in the Instant Case

  • a user sets this _factor.numerator = 60 seconds; ````_factor.denominator = 0 days;

  • 60 / 0 returns an error immediately

  • Equation is unsuccessful

  • Function fails

Impact

The equation will be unsuccessful and the math will fail!

Tools Used

Manual review.

Recommendations

Create a check that bounces the possibility of the denominator to being set at 0.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.