Division by zero error reverts transaction #45
Labels
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
Q-01
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Lines of code
https://github.com/code-423n4/2022-12-caviar/blob/0212f9dc3b6a418803dbfacda0e340e059b8aae2/src/Pair.sol#L391
https://github.com/code-423n4/2022-12-caviar/blob/0212f9dc3b6a418803dbfacda0e340e059b8aae2/src/Pair.sol#L422
https://github.com/code-423n4/2022-12-caviar/blob/0212f9dc3b6a418803dbfacda0e340e059b8aae2/src/Pair.sol#L421
Vulnerability details
Impact
Division by zero error revert transaction
Proof of Concept
There are a few division by zero error in the Pair smart contract
The first one is the function price()
If the fractionalTokenReserve is 0, the price() revert in division by zero error.
While the price() is not explicitly used in the code, external contract may reply on the price() function. The function should not revert in divison by zero error.
The same divison by zero eror is in addQuote:
note the line:
and the line
the code precisely revert in divison by zero error.
Tools Used
Manual Review
Recommended Mitigation Steps
We recommend the project handle the division by zero error gracefully. Can return 0 and handle the 0 case when calling the related functoin instead of letting the transaction revert.
The text was updated successfully, but these errors were encountered: