Tangy Hotpink Monkey
Medium
The redeemPrice
function in the ReserveBase
contract is vulnerable to a division by zero error when the total supply of DSU tokens is zero. This can lead to unexpected contract behavior or failure, disrupting the contract's ability to provide accurate redemption pricing.
- Issue: The function calculates the redemption price by dividing the total assets by the total supply of DSU tokens (
dsu.totalSupply()
). If the total supply is zero, this division operation will result in a division by zero error. - Trigger Condition: This condition can occur if all DSU tokens have been redeemed or burned, reducing the total supply to zero.
function redeemPrice() public view returns (UFixed18) {
@=> return assets().unsafeDiv(dsu.totalSupply()).min(UFixed18Lib.ONE);
}
- The
redeemPrice
function will fail when called under zero supply conditions, returning an error instead of a valid price. - Any contract logic or external systems that rely on the
redeemPrice
function for accurate pricing will be compromised, potentially leading to outages or incorrect financial calculations. - Users attempting to redeem DSU tokens will encounter unexpected errors.
- The inability to accurately calculate the redemption price could lead to financial discrepancies or exploits in the contract.
Manual Review
Implement a check to ensure that dsu.totalSupply()
is not zero before performing the division. If it is zero, the function should return a default value or handle the condition gracefully.
function redeemPrice() public view returns (UFixed18) {
+ uint256 totalSupply = dsu.totalSupply();
+ if (totalSupply == 0) {
+ return UFixed18Lib.ONE; // or another safe default value
}
return assets().unsafeDiv(totalSupply).min(UFixed18Lib.ONE);
}