startRewardsCycle() would fail if the number of enabled Multisigs were zero because of a division-by-zero error; the issue can cause wrong reward distribution #839
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-143
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/RewardsPool.sol#L155-L197
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/RewardsPool.sol#L199-L233
Vulnerability details
Impact
Function startRewardsCycle() is a public function that runs a GGP rewards cycle if possible, but if the number of enabled Multisigs is zero then calling this function fails because of a division-by-zero error. There may be moments when the number of enabled Multisigs is zero for any reason, and in those situations this issue would leave the GGP rewarding feature of the protocol broken, so some basic functionality would not work and users could not access their rewards.
Proof of Concept
This is the distributeMultisigAllotment() function, which is called by startRewardsCycle():
As you can see, the code tries to calculate each Multisig's rewards in the line
tokensPerMultisig = allotment / enabledCount
but if the enabled Multisig count is zero then the code reverts and startRewardsCycle() is not callable, which would cause node runners and the DAO not to receive their GGP rewards in time. Blocking the rewards long enough (more than that cycle's length) can cause total loss of that cycle's rewards, and nothing in the protocol enforces that there is always at least one Multisig enabled, so for any reason there could be times when all Multisigs are disabled.
Tools Used
VIM
Recommended Mitigation Steps
Check for a zero count: if there are zero enabled Multisigs, handle the Multisig rewards in another way (for example, set their rewards to zero) instead of dividing.
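As an added illustration of the vulnerable division next to the recommended guard (example code written for this write-up, not the GoGoPool contract; the IMultisigManager interface, the in-storage claimable mapping and the helper names are assumptions):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumed minimal stand-in for the MultisigManager interface that RewardsPool reads.
interface IMultisigManager {
    function getCount() external view returns (uint256);
    function getMultisig(uint256 index) external view returns (address addr, bool enabled);
}

contract MultisigAllotmentExample {
    IMultisigManager public immutable manager;
    // Constructed: credit each multisig in storage instead of the real vault transfer.
    mapping(address => uint256) public claimable;
    event MultisigAllotmentSkipped(uint256 allotment);

    constructor(IMultisigManager _manager) { manager = _manager; }

    // Gather the currently enabled multisigs (assumed helper, not the project's code).
    function _enabled() internal view returns (address[] memory addrs, uint256 enabledCount) {
        uint256 count = manager.getCount();
        addrs = new address[](count);
        for (uint256 i = 0; i < count; i++) {
            (address addr, bool enabled) = manager.getMultisig(i);
            if (enabled) addrs[enabledCount++] = addr;
        }
    }

    // Vulnerable shape: with zero enabled multisigs `allotment / enabledCount`
    // reverts (Solidity >= 0.8 panics with code 0x12), aborting the whole cycle.
    function distributeUnchecked(uint256 allotment) external {
        (address[] memory addrs, uint256 enabledCount) = _enabled();
        uint256 tokensPerMultisig = allotment / enabledCount;
        for (uint256 i = 0; i < enabledCount; i++) claimable[addrs[i]] += tokensPerMultisig;
    }

    // Hardened shape: treat the multisig share as zero for this cycle and report the
    // undistributed amount so the caller can keep it in the vault or roll it forward.
    function distributeChecked(uint256 allotment) external returns (uint256 undistributed) {
        (address[] memory addrs, uint256 enabledCount) = _enabled();
        if (enabledCount == 0) {
            emit MultisigAllotmentSkipped(allotment);
            return allotment;
        }
        uint256 tokensPerMultisig = allotment / enabledCount;
        for (uint256 i = 0; i < enabledCount; i++) claimable[addrs[i]] += tokensPerMultisig;
        return allotment - tokensPerMultisig * enabledCount; // integer-division dust
    }
}
```

The emitted event gives monitoring a signal that a cycle ran with no enabled Multisigs, which is the condition the finding says the protocol never checks.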