Category: Coding Mistakes
Unhandled division-by-zero error in borrowAsset()
Informational Severity
Informational Impact
N/A Likelihood
Description
In the borrowAsset()
function, there is no check for the possibility of totalAsset
being 0, which could lead to a division-by-zero error in numerator / totalAsset
.
function borrowAsset(
address _silo,
uint256 _borrowAmount,
uint256 _collateralAmount,
address _collateralAsset,
address _receiver
) external nonReentrant {
(uint256 totalAsset, ) = ISilo(_silo).totalAsset();
(uint256 totalBorrow, ) = ISilo(_silo).totalBorrow();
uint256 numerator = UTIL_PREC * (totalBorrow + _borrowAmount);
uint256 utilizationRate = numerator / totalAsset;
...
Impact
If totalAsset
is 0 and someone tries to execute the borrowAsset
, the transaction will revert due to the division by zero.
Recommendations
Add a zero check on totalAsset
for a more graceful and informative handling of this situation.
require(totalAsset != 0, "Total Asset is zero");
Remediation
This issue has been acknowledged by Sturdy, and a fix was implemented in commit ca396917↗.