QuantAMM

49,600 OP
Submission Details
Severity: low
Invalid

Division by Zero When Using Raw Price as Denominator

Summary

Vulnerability Details

The parameter description indicates that a value of 1 for the second parameter causes the rule to use the raw price as the denominator in a division operation. However, the code does not explicitly check for a zero raw price before performing the division. If the raw price is zero, this division will result in a revert, effectively halting the execution of the _getWeights function and any dependent operations.

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/rules/AntimomentumUpdateRule.sol#L73C1-L90C1

If locals.useRawPrice is true (because _parameters[1][0] == ONE), and _data[locals.i] is zero, the assignment locals.denominator = _data[locals.i] sets locals.denominator to zero. The subsequent division ONE.div(locals.denominator) will then cause a revert due to division by zero.

Impact

Denial of service (DoS) due to revert caused by division by zero.

Tools Used

Recommendations

Implement an explicit check for a zero raw price before using it as the denominator.

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc.) to prove your point.
