Division by Zero Vulnerability in the `_curve` Function of the `BondingCurve` Contract
c4-bot-2 opened this issue · 0 comments
Lines of code
Vulnerability details
Description
The _curve function is responsible for calculating the curve price of a specific target amount based on the bonding curve logic. The calculation involves a division operation where the denominator is derived from subtracting targetAmount_ from a constant TOTAL_SUPPLY_FACTOR. The relevant line of code is:
return (TOTAL_SUPPLY_FACTOR * CURVE_FACTOR * 1 ether) / (TOTAL_SUPPLY_FACTOR - targetAmount_) - CURVE_FACTOR * 1 ether - INITIAL_PRICE_FACTOR * targetAmount_ / 1000;
This issue arises when the targetAmount_ parameter equals the TOTAL_SUPPLY_FACTOR. If this condition is met, the denominator in the division operation becomes zero, causing the entire transaction to revert. This issue can have serious implications for the contract's functionality, potentially leading to failed operations and loss of funds.
Impact
If this condition is met during a transaction, the transaction will fail, which could disrupt the normal operation of the system. If this issue occurs during critical operations like buying or selling on the bonding curve, users may lose gas fees due to reverted transactions without any successful outcome.
Tools Used
Manual Review
Recommendation
Implement input validation to ensure that targetAmount_ is never equal to TOTAL_SUPPLY_FACTOR.
Assessed type
Invalid Validation