Skip to content
This repository has been archived by the owner on Dec 31, 2023. It is now read-only.

Latest commit

 

History

History
26 lines (18 loc) · 899 Bytes

103.md

File metadata and controls

26 lines (18 loc) · 899 Bytes

Danielchernokalov88

medium

calculateQuota function is vulnerable to arithmetic underflow.

Summary

In file D3UserQuota.sol, calculateQuota function is vulnerable to arithmetic underflow. And the visibility of this function is not required to be public.

Vulnerability Detail

If getUserQuota function is called before setQuotaTokennAmount is called, quotaTokenAmount.length is still 0 on calculateQuota function. It can lead to arithmetic underflow issues.

Impact

On the not global token hold, if getUserQuota is reverted, the following behavior could be unexpected.

Code Snippet

https://github.com/sherlock-audit/2023-06-dodo/blob/main/new-dodo-v3/contracts/DODOV3MM/D3Vault/periphery/D3UserQuota.sol#L111

Tool used

Manual Review

Recommendation

Add the logic that returns zero quota if quotaTokenAmount.length. And calculateQuota function should have internal visibility.