Skip to content

Latest commit

 

History

History
41 lines (26 loc) · 1.7 KB

054.md

File metadata and controls

41 lines (26 loc) · 1.7 KB

Obedient Lava Monkey

Medium

Division by zero in cumulateToLiquidityIndex function can halt reserve functionality.

Summary:

A lack of a zero-check for totalLiquidity in cumulateToLiquidityIndex will cause a transaction revert for protocol users, as the function will attempt to divide by zero during liquidity index updates.

Root Cause:

In ReserveLogic.sol, the amount.wadToRay().rayDiv(totalLiquidity.wadToRay()) computation does not check if totalLiquidity is zero, resulting in a revert.

Internal Pre-conditions:

  1. The reserve must have totalLiquidity set to exactly 0 (e.g., during initialization or if fully drained).
  2. A function invoking cumulateToLiquidityIndex (e.g., fee accumulation) must be called.

External Pre-conditions:

  1. No liquidity providers have deposited into the reserve, or all liquidity has been withdrawn.

Attack Path:

  1. Any user or external contract calls a function that attempts to accumulate income to the liquidity index.
  2. The call triggers cumulateToLiquidityIndex, which attempts to divide amount by totalLiquidity.
  3. As totalLiquidity is zero, the transaction reverts, halting the operation.

Impact:

The protocol functionality halts, preventing fees (e.g., flash loan fees) from being distributed and disrupting reserve operations. No direct loss occurs, but user actions dependent on this functionality (e.g., supply or withdrawal) are blocked.

Mitigation:

Add a guard condition to ensure totalLiquidity is non-zero before performing the division.