Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Uninitialized Variables Cause Division by Zero in `getPremiumDiscountFactor`

i_atiq

Summary

The struct UsdTokenSwapConfig.Data contains pdCurveYMin, pdCurveYMax, pdCurveXMin, pdCurveXMax, and pdCurveZ. These values are never initialized or updated anywhere in the contracts. When getPremiumDiscountFactor is called, it performs a division operation using pdCurveXMax - pdCurveXMin, which is zero by default, leading to a division by zero error and a transaction revert.

Vulnerability Details

  • Uninitialized pdCurve Variables Default to Zero**

struct Data {
uint128 baseFeeUsd;
uint128 swapSettlementFeeBps;
uint128 maxExecutionTime;
uint128 pdCurveYMin;
uint128 pdCurveYMax;
uint128 pdCurveXMin;
uint128 pdCurveXMax;
uint128 pdCurveZ;
}

  • Since these values are not set anywhere, they default to zero.

  • If pdCurveXMin == pdCurveXMax == 0 (default values), this results in division by zero, causing a revert in getPremiumDiscountFactor

UD60x18 pdCurveYX18 = pdCurveYMinX18.add(
pdCurveYMaxX18.sub(pdCurveYMinX18).mul(
pdCurveXX18.sub(pdCurveXMinX18).div(pdCurveXMaxX18.sub(pdCurveXMinX18)) // @audit - Division by zero
.pow(pdCurveZX18)
)
);

Impact

  • Every call to getPremiumDiscountFactor will always revert

  • No swap can happen in StabilityBranch, which means users cannot swap their usd token to vault asset, making the usd token unusable

Recommendation

Create a setter function to set these values in MarketMakingEngineConfigurationBranch

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

PremiumDiscountFactor feature cannot be properly configured / used

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!