Missing check for `totalFeeRecipientsSharesX18` in `MarketMakingEngineConfiguration::distributeProtocolAssetReward`
Summary
The function distributeProtocolAssetReward is responsible for distributing protocol fees to multiple fee recipients based on their respective shares. However, it does not account for the case when the total fee recipients' shares totalFeeRecipientsSharesX18 is zero, which could result in division by zero errors or unintended behavior.
Vulnerability Details
The function attempts to calculate the fee recipient's reward by dividing the product of their shares and the asset amount by the total shares of all recipients totalFeeRecipientsSharesX18. If totalFeeRecipientsSharesX18 is zero, this would lead to a division by zero error.
The absence of a check for totalFeeRecipientsSharesX18 being zero allows the contract to potentially perform an invalid calculation, which could lead to unintended behavior, such as transferring rewards incorrectly or failing the transaction entirely due to a revert caused by a division by zero.
Impact
If totalFeeRecipientsSharesX18 is zero, this would cause a division by zero, leading to a revert or invalid calculation.
Funds loss.
A division by zero or invalid state could result in a failed transaction, causing disruption in the fee distribution mechanism.
Tools Used
Manual code review
Recommendations
Add a check for zero shares
Implement a meaningful error message or custom error for this case.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.