Description

In the redeem functions — for example, the redeemLong function — relativeBalance is calculated as the ratio of longSharesBalance to sState.sharesMinted. However, sharesMinted is always bigger than longSharesBalance when there are multiple users. So relativeBalance will be zero in this case. This will cause a division-by-zero error.

function redeemLong(PoolParams calldata longParams) public {
    bytes32 poolHash = hashPool(longParams);
    uint256 longTokenId = toLongTokenId(poolHash);
    uint256 longSharesBalance = balanceOf(msg.sender, longTokenId);

    PoolState storage sState = sPoolState[poolHash];

!   uint256 relativeBalance = uint256(longSharesBalance) / uint256(sState.sharesMinted);
!   uint256 relativeAmount = uint256(longParams.cap - longParams.floor) * relativeBalance;

!   uint256 payout =
!       uint256(sState.balanceChangePerShare - longParams.floor) * uint256(sState.collateralMinted) / relativeAmount;

    // ...
}

Impact

If there are multiple users in the pool, the redeem functions will not work correctly and will cause a division-by-zero error. This will prevent users from redeeming their shares.

Recommendations

We recommend adding a scaling factor to the relativeBalance calculation to prevent division-by-zero errors.

Remediation

This issue has been acknowledged by Alkimiya, and fixes were implemented in the following commits:

• e9eed80c↗