The Solidity code in OfferLibraries.sol
contains functions getDepositAmount
and getRefundAmount
that potentially suffer from division by zero vulnerabilities and lack of comprehensive input validation. These issues could lead to unexpected behavior and logical errors in the contract's execution.
Division by Zero:
The functions use Math.mulDiv
, which performs division. If the divisor values (_points
and Constants.COLLATERAL_RATE_DECIMAL_SCALER
) are zero, it could cause a division by zero error, leading to a contract failure.
Lack of Input Validation:
Inputs such as _amount
, _points
, _usedPoints
, and _collateralRate
are not validated to ensure they are within acceptable ranges. This could result in logical errors or unexpected behavior.
Specifically, _usedPoints
should be checked to ensure it is not greater than _points
, and _collateralRate
should be validated to be greater than zero to prevent any misuse.
The identified vulnerabilities could lead to:
Contract failures due to division by zero errors.
Logical errors and unexpected behavior if inputs are not properly validated.
Potential exploitation by malicious users to manipulate refund and deposit calculations.
Manual Review
Add Input Validation:
Include require
statements to validate that _points
, _collateralRate
, and Constants.COLLATERAL_RATE_DECIMAL_SCALER
are greater than zero.
Ensure _usedPoints
does not exceed _points
to prevent logical inconsistencies.
Ensure Division Safety:
Validate all divisor values before performing division to ensure they are non-zero, preventing division by zero errors.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.