`BaseGauge::constructor` may revert due to division by zero if `_periodDuration` is set to 0, preventing contract deployment
Summary
The constructor function of the contract initializes several key parameters, including _periodDuration, which is used to determine the nextPeriod. If _periodDuration is set to 0, this would lead to a division by zero error.
Vulnerability Details
The expression:
contains a division operation involving _periodDuration. If _periodDuration is 0, a division by zero error will occur, causing the contract deployment to revert.
Since only the deployer (contract owner) sets this value at deployment, this issue does not introduce an exploitable runtime vulnerability but could lead to an accidental deployment failure. This might require redeploying the contract with a corrected value, increasing deployment costs and potential downtime.
Impact
The issue does not present a security risk but affects contract availability and deployment efficiency. The severity is categorized as Low since it is limited to deployment-time misconfiguration and does not affect contract behavior post-deployment.
Tools Used
Manual code review
Recommendations
Implement a check to ensure _periodDuration is nonzero:
Adding this validation in the constructor will prevent accidental deployment failures due to incorrect input.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.