0x46
Medium
Improper validation of exitContribution

Summary
The missing check in BancorExchangeProvider.sol: setExitContribution() will cause transaction reversion in swap functions for users as the function allows exitContribution to reach its maximum value (MAX_WEIGHT), which creates divisibility issues in subsequent calculations.
Setting exitContribution to MAX_WEIGHT causes division by zero in calculations for determining scaledAmountIn and scaledAmountOut, leading to reverts in swap functions like _getScaledAmountIn and _getScaledAmountOut.

Root Cause
https://github.com/sherlock-audit/2024-10-mento-update/blob/main/mento-core/contracts/goodDollar/BancorExchangeProvider.sol#L265
fails to account for the scenario when exitContribution equals MAX_WEIGHT, which creates a division by zero issue in calculations, specifically:
https://github.com/sherlock-audit/2024-10-mento-update/blob/main/mento-core/contracts/goodDollar/BancorExchangeProvider.sol#L311
https://github.com/sherlock-audit/2024-10-mento-update/blob/main/mento-core/contracts/goodDollar/BancorExchangeProvider.sol#L345

Internal pre-conditions
Admin must call setExitContribution() and set exitContribution to exactly MAX_WEIGHT.

External pre-conditions
No response

Attack Path
No response

Impact
The protocol cannot process any transactions in affected pools as every swapIn or swapOut operation will revert. This causes a full denial of service on the impacted pools, affecting users attempting to transact.

PoC
No response

Mitigation
In BancorExchangeProvider.sol: setExitContribution(), update the requirement to prevent exitContribution from equaling MAX_WEIGHT:
require(exitContribution < MAX_WEIGHT, "Exit contribution is too high");

sherlock-admin3 changed the title from "Calm Sandstone Shell - Improper validation of exitContribution" to "0x46 - Improper validation of exitContribution" on Nov 5, 2024
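The boundary condition in the report, as an added example that is not part of the original issue or the Mento code base: a constructed single-pool model with the permissive setter beside the mitigated one. The contract name, the value of MAX_WEIGHT, the `<=` form of the original check and the shape of the scaling formula are assumptions; the report only states that a division by zero occurs when exitContribution equals MAX_WEIGHT.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Constructed model for illustration: one pool, no access control, no token transfers.
contract ExitContributionModel {
    // Assumed value; the report names the constant but not its value.
    uint32 public constant MAX_WEIGHT = 1e8;
    uint32 public exitContribution;

    /// Permissive setter (inferred from the report): the maximum itself is accepted.
    function setExitContributionUnchecked(uint32 value) external {
        require(value <= MAX_WEIGHT, "Exit contribution is too high");
        exitContribution = value;
    }

    /// Setter with the report's mitigation: strict inequality keeps the divisor non-zero.
    function setExitContribution(uint32 value) external {
        require(value < MAX_WEIGHT, "Exit contribution is too high");
        exitContribution = value;
    }

    /// Assumed shape of the swap-side scaling: divide by the share that remains
    /// after the exit contribution. With exitContribution == MAX_WEIGHT the
    /// divisor is 0 and Solidity >= 0.8 reverts with Panic(0x12).
    function scaledAmountIn(uint256 amountOut) public view returns (uint256) {
        return (amountOut * MAX_WEIGHT) / (MAX_WEIGHT - exitContribution);
    }

    /// True when a quote would revert under the currently stored exitContribution.
    /// Useful as a monitoring or invariant-test predicate.
    function swapWouldRevert() external view returns (bool) {
        try this.scaledAmountIn(1) returns (uint256) {
            return false;
        } catch {
            return true;
        }
    }
}
```

After `setExitContributionUnchecked(MAX_WEIGHT)` the predicate `swapWouldRevert()` returns true, while `setExitContribution(MAX_WEIGHT)` itself reverts, so the stored value can never produce a zero divisor.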