Danielchernokalov88
medium
In file D3UserQuota.sol, calculateQuota function is vulnerable to arithmetic underflow. And the visibility of this function is not required to be public.
If getUserQuota function is called before setQuotaTokennAmount is called, quotaTokenAmount.length is still 0 on calculateQuota function. It can lead to arithmetic underflow issues.
On the not global token hold, if getUserQuota is reverted, the following behavior could be unexpected.
Manual Review
Add the logic that returns zero quota if quotaTokenAmount.length. And calculateQuota function should have internal visibility.