[BoostController._calculateBoost(address,address,uint256)] uses a dangerous strict equality
Summary
The function _calculateBoost in BoostController.sol contains a strict equality check (== 0) on userBalance and totalSupply. This could lead to unexpected behavior if the assumption that these values should never be exactly zero is violated.
Vulnerability Details
Within the _calculateBoost function, the following condition is present:
If an unintended scenario results in userBalance or totalSupply being zero, this check may cause the function to return incorrect values, leading to potential disruptions in boost calculations
Impact
The likelihood of this issue occurring depends on whether userBalance or totalSupply can realistically be zero due to system interactions or external calls. If either value is controlled by user deposits or contract interactions, edge cases may arise where an unintended zero value is present.
A potential scenario where this issue may be triggered:
-
A user with a balance of 1 token transfers all their holdings, resulting in
userBalance == 0. -
If
totalSupplywas also reduced to zero due to other withdrawals, the function would return zero boost, potentially disrupting fair reward distribution.
Tools Used
github
Recommendations
Instead of using strict equality checks, consider using a safer alternative, such as:
Alternatively, ensure that the function correctly handles edge cases by verifying that userBalance and totalSupply are never unintentionally zero
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.