[Audit Fix] revert wmul on 0 response
Closed this issue · 1 comments
wmul of of two positive numbers can result in zero.
Risk Rating
Impact = High Likelihood = High Risk = Critical (per OWASP)
Vulnerability Details
ElasticMath functions wmul and wdiv for float values are inspired by https://github.com/dapphub/ds-math/blob/master/src/math.sol as noted in the code comment. But that contract has a critical issue as noted in their repository from Oct 2019: dapphub/ds-math#13.
The critical error (as raised by the issue) is that the wmul multiplication of two positive numbers a and b can result in zero for every a,b > 0 and b < 5*10^17 / a. For e.g., wmul(1,1) returns 0.
Impact
Given that wmul is used for all the critical math operations on the tokens, it can produce unexpected results when the operands a and b are positive integers because wmul will return 0.
Proof of Concept
Extracting this function and testing in Remix confirms that wmul(1,1) returns 0.
Definition of Done
- revert when wmul returns 0
- there is a test showing this using the proof of concept case
This issue is invalid, as confirmed by @smalldutta here: https://gist.github.com/smalldutta/51a9836b223277f1595467ad81f27737