Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Empty Array Input Causes Division By Zero In Statistics Library

cheatc0d33

Summary

The Statistics library's avg() function performs division using array length without validating empty arrays:

The function is used for calculating averages of numerical data, but fails abruptly when given empty arrays instead of handling this edge case gracefully.

The avg() function fails to check if the input array is empty before performing division:

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/libraries/Statistics.sol#L8

function avg(uint256[] memory data) internal pure returns (uint256 ans) {
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
sum += data[i];
}
ans = sum / data.length; // If data.length = 0, this causes division by zero
}

When an empty array is passed:

  1. data.length = 0

  2. Loop is skipped (sum stays 0)

  3. Final division becomes 0 / 0

  4. Transaction reverts due to division by zero error

This creates unexpected transaction failures when input validation is missing, particularly problematic in contract interactions where empty arrays might be valid business cases.

A proper input validation check would prevent this runtime error.

Fix

Simple, explicit check ensures function fails early with clear error message instead of runtime division error. Protocols can handle this error case appropriately.

function avg(uint256[] memory data) internal pure returns (uint256 ans) {
require(data.length > 0, "Array must not be empty");
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
sum += data[i];
}
ans = sum / data.length;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.