Submission Details
Severity: high
Invalid

Division by zero

Summary

If `profit_max_unlock_time` is set to zero via `update_profit_max_unlock_time`, subsequent calls to `_obtain_price_params` will attempt division by zero in `params.profit_unlocking_rate` calculation, causing transaction reverts and a denial of service.

Vulnerability Details

Impact

This will revert the transaction, causing DoS.

Tools Used

Manual review

Recommendations

Add a require statement in `update_profit_max_unlock_time` to enforce `_profit_max_unlock_time > 0`.

Updates

Lead Judging Commences

0xnevi Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

[invalid] finding-division-by-zero

Note that `total_supply` and `profit_unlocking_rate` are initially set to 1 and 0 respectively when the `ScrvusdOracleV2.vy` is deployed.

1. `total_supply` and `profit_unlocking_rate` are part of the price param updates within `update_price`, which must have gone through verification via the OOS `StateProofVerifier` contract, so there is no evidence that a 0 supply is allowed either via a 0 supply update or an extremely high `profit_unlocking_rate`.
2. Since price is retrieved via values retrieved from the V3Vault, if there is no supply, there is arguably no price to be posted. As such, reverting is arguably the correct choice since a 0 price value is not expected from scrvUSD, which is a stable coin.
