You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
DOS in updateRatioForReward in the GoodDollarExchangeProvider
Summary
In updateRatioForReward, the newRatioUint can round down to zero, which will lead to a DOS in updateRatioForReward and currentPrice, as well as total miscalculations in the protocol.
We can see here that if the reward and the total supply are too high compared to the reserve balance – which is likely because the reserve asset is meant to be the cUSD and the current price of the G$ is $0.00003726 – the newRatioScaled will be less than 1e10, leading to a reserve ratio of 0, which will DOS the updateReward function.
This is because it uses the function currentPrice, which will be DOS due to the denominator being equal to 0. The call will revert due to a division or modulo by zero.
The text was updated successfully, but these errors were encountered:
sherlock-admin3
changed the title
Wide Pickle Crane - DOS in updateRatioForReward in the GoodDollarExchangeProvider
0xPhantom - DOS in updateRatioForReward in the GoodDollarExchangeProvider
Nov 5, 2024
0xPhantom
High
DOS in updateRatioForReward in the GoodDollarExchangeProvider
Summary
In updateRatioForReward, the newRatioUint can round down to zero, which will lead to a DOS in updateRatioForReward and currentPrice, as well as total miscalculations in the protocol.
https://github.com/sherlock-audit/2024-10-mento-update/blob/main/mento-core/contracts/goodDollar/GoodDollarExchangeProvider.sol#L203
Root Cause
We can see here that if the reward and the total supply are too high compared to the reserve balance – which is likely because the reserve asset is meant to be the cUSD and the current price of the G$ is $0.00003726 – the newRatioScaled will be less than 1e10, leading to a reserve ratio of 0, which will DOS the updateReward function.
This is because it uses the function currentPrice, which will be DOS due to the denominator being equal to 0. The call will revert due to a division or modulo by zero.
Internal pre-conditions
1 the totalSupply + the reward * currentPrice > reserveBalance enough to a round down to 0.
External pre-conditions
None.
Attack Path
Impact
The calculation of the protocol is broke without a rewardRatio and the updateRatioForReward function is forever DOS no reward will ever be minted.
PoC
You can copy paste this code in a new file in the test folder and then run forge test --mt test_test_mintRewardRatioPOC
You should have an output like that :
Mitigation
In my opinion you could add some precision to the rateRatio or add a sefety check in the updateRatioForReward Function like this :
The text was updated successfully, but these errors were encountered: