Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Latest commit

 

History

History
27 lines (18 loc) · 1.02 KB

151.md

File metadata and controls

27 lines (18 loc) · 1.02 KB
Raw

joestakey

medium

toTokenX() breaks when totalSupply() == 0

Summary

The toTokenX() function, used to convert BLP to tokenX, reverts when the BLP supply is 0.

Vulnerability Detail

The function returns (amount * balance) / totalSupply;, but does not account for the case when totalSupply == 0. In such case, the call will revert.

Impact

The function will not only revert before the first provider have minted BLP, it will also revert if at some point in the future all providers have withdrawn, making the supply 0 again.

This will affect:

  • users/front ends calling the toTokenX() function.
  • smart contracts that call toTokenX() to know the current BLP to tokenX price. This could be for instance smart contract providers that would call toTokenX() before calling provide().

Code Snippet

https://github.com/sherlock-audit/2022-11-buffer/blob/main/contracts/contracts/core/BufferBinaryPool.sol#L369-L372

Tool used

Manual Review

Recommendation

return 0 if the totalSupply() is 0.