Missing Error Handling in `getPoolLPTokenValue`
Summary
Missing Error Handling in getPoolLPTokenValue
Vulnerability Details
getPoolLPTokenValue lacks checks for division by zero (poolTotalSupply), or potential out-of-bounds array access in poolData.tokens. This can lead to crashes or unexpected results.
A malicious actor could provide a pool with a zero total supply, leading to a division by zero error, or exploit array out of bounds.
https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-hooks/contracts/hooks-quantamm/UpliftOnlyExample.sol#L680C33-L680C48
Tools Used
vscode
Recommendations
Add require(poolTotalSupply > 0) to getPoolLPTokenValue before the division. Implement rigorous bounds checking (require(i < poolData.tokens.length)) to prevent array access beyond the array's valid range. Handle all potential error cases like empty pools, or unexpected pool data.
Lead Judging Commences
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.