Albort - When _deltaFlow is zero, deltaFlowUnits is incorrectly set to -1

[sherlock-admin2]

Albort

High

When _deltaFlow is zero, deltaFlowUnits is incorrectly set to -1

Summary

https://github.com/sherlock-audit/2024-10-mento-update/blob/098b17fb32d294145a7f000d96917d13db8756cc/mento-core/contracts/libraries/TradingLimits.sol#L134
When _deltaFlow == 0:
Calculate _deltaFlowUnits:

_deltaFlowUnits = 0 / (10 ** uint256(decimals)) = 0

Convert to int48:

deltaFlowUnits = int48(0)

Enter conditional check:

if (deltaFlowUnits == 0) { ... }

Since _deltaFlow == 0, _deltaFlow > 0 is false.
Thus, deltaFlowUnits is set to -1:

deltaFlowUnits = int48(-1)

Problem:

When the net flow change _deltaFlow is zero, the system should not modify deltaFlowUnits.
Setting deltaFlowUnits to -1 causes the net flow to be erroneously reduced without an actual change.

Root Cause

No response

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

Incorrect Net Flow Update: The net flow will decrease without any real transaction, which may trigger erroneous limits.
State Inconsistency: The net flow state does not match actual transaction activity, potentially causing logical errors in the system.

PoC

No response

Mitigation

Modify the conditional check to ensure deltaFlowUnits is only adjusted when _deltaFlow is non-zero.