Ripe Gingham Hare
Medium
The missing zero-check on boostReserve in the _validateSwap function will cause a division by zero error for users, as an attacker can manipulate the BOOST-USD liquidity pool to set boostReserve to zero
In SolidlyV2AMO.sol, the _validateSwap function lacks a zero-check on boostReserve before performing division, leading to a potential division by zero error.
The boostReserve variable in the BOOST-USD pool is zero.
An attacker manipulates the BOOST-USD liquidity pool to reduce boostReserve to zero by swapping out all BOOST tokens.
- Attacker removes all BOOST tokens from the BOOST-USD pool, reducing the "boostReserve" to zero.
- User calls either the "mintSellFarm" or "unfarmBuyBurn" function.
- These functions internally call "_validateSwap", which tries to calculate "(FACTOR * usdReserve) / boostReserve".
- Since "boostReserve" is zero, this results in a division by zero error, causing the transaction to fail.
- As a result, users are unable to perform key AMO functions, leading to a denial of service.
The users cannot execute mintSellFarm and unfarmBuyBurn functions, leading to a denial of service in maintaining the BOOST token's peg. The protocol's ability to perform AMO operations is hindered until the issue is resolved.
No response
Add a zero-check for boostReserve in the _validateSwap function to prevent division by zero
function _validateSwap(bool boostForUsd) internal view override { (uint256 boostReserve, uint256 usdReserve) = getReserves(); if (boostReserve == 0) revert InvalidReserveRatio({ratio: 0}); if (boostForUsd && boostReserve >= usdReserve) revert InvalidReserveRatio({ratio: (FACTOR * usdReserve) / boostReserve}); if (!boostForUsd && usdReserve >= boostReserve) revert InvalidReserveRatio({ratio: (FACTOR * usdReserve) / boostReserve}); }