Category: Coding Mistakes
Lack of validation in ElasticityMultiplier
causes division by zero
Medium Severity
Medium Impact
Low Likelihood
Description
In CalculateBaseFee
, the code assumes that ElasticityMultiplier
cannot be zero due to validation
, but validateElasticityMultiplier
only checks for the correct data type (uint32
) and not whether the value is nonzero.
func validateElasticityMultiplier(i interface{}) error {
_, ok := i.(uint32)
if !ok {
return fmt.Errorf("invalid parameter type: %T", i)
}
return nil
}
If ElasticityMultiplier
is mistakenly set to zero, division by zero can occur in the base-fee calculation.
func (k Keeper) CalculateBaseFee(ctx sdk.Context) *big.Int {
params := k.GetParams(ctx)
// [...]
// CONTRACT: ElasticityMultiplier cannot be 0 as it's checked in the params
// validation
parentGasTargetBig := new(big.Int).Div(gasLimit, new(big.Int).SetUint64(uint64(params.ElasticityMultiplier)))
if !parentGasTargetBig.IsUint64() {
return nil
}
Impact
Division by zero can cause runtime errors or panics, disrupting block processing.
Recommendations
Extend validateElasticityMultiplier
to ensure ElasticityMultiplier
is greater than zero — for example:
if val, ok := i.(uint32); !ok || val == 0 {
return fmt.Errorf("elasticity multiplier must be a non-zero uint32")
}
Remediation
This issue has been acknowledged by Sigma Assets GmbH, and a fix was implemented in commit 40c518a9↗.