Zero Div
zapaz opened this issue · comments
Five functions may reverts due to division by zero, when number of registered knot is zero
Theses reverts are demonstrated in 5 rules in this spec file :
https://github.com/zapaz/2023-01-19-blockswap-fv/blob/certora-contest/certora/specs/SyndicateIssues.spec
Inside public previewUnclaimedETHAsCollateralizedSlotOwner()
function :
https://github.com/Certora/2023-01-blockswap-fv/blob/certora/contracts/syndicate/Syndicate.sol#L442-L443
uint256 accumulatedSoFar = accumulatedETHPerCollateralizedSlotPerKnot+
((calculateETHForFreeFloatingOrCollateralizedHolders() -
lastSeenETHPerCollateralizedSlotPerKnot) / numberOfRegisteredKnots);
Inside public getUnprocessedETHForAllFreeFloatingSlot()
function
also called by calculateNewAccumulatedETHPerCollateralizedSharePerKnot()
:
https://github.com/Certora/2023-01-blockswap-fv/blob/certora/contracts/syndicate/Syndicate.sol#L484
return ((calculateETHForFreeFloatingOrCollateralizedHolders() -
lastSeenETHPerCollateralizedSlotPerKnot) / numberOfRegisteredKnots);
Inside internal _calculateCollateralizedETHOwedPerKnot()
function :
https://github.com/Certora/2023-01-blockswap-fv/blob/certora/contracts/syndicate/Syndicate.sol#L577
uint256 collateralizedSLOTShareOfETHPerKnot =
(collateralizedSLOTShareOfETH / numberOfRegisteredKnots);
Inside internal _calculateNewAccumulatedETHPerCollateralizedShare()
function :
https://github.com/Certora/2023-01-blockswap-fv/blob/certora/contracts/syndicate/Syndicate.sol#L583
return (_ethSinceLastUpdate * PRECISION) / (numberOfRegisteredKnots * 4 ether);
Assessment: Low
We will add more graceful error handling when number of knots is zero. Thank you
The bug is in getUnprocessedETHForAllCollateralizedSlot
not getUnprocessedETHForAllFreeFloatingSlot
. Since this DOS is only in view functions which are not called by any critical functions, users can still unstake after all knots have been deregistered. Therefore I agree that this is low severity.