Skip to content

Latest commit

 

History

History
66 lines (50 loc) · 2.68 KB

004.md

File metadata and controls

66 lines (50 loc) · 2.68 KB

Fierce Neon Oyster

Medium

Missing Zero-Value Validation in Price Check

Summary

The mintSellFarm function lacks a validation check for zero-value returns from the newBoostPrice variable. This can lead to incorrect logic execution and potential vulnerabilities if the price unexpectedly returns as zero. The absence of this check may allow transactions to proceed with invalid price data, which could disrupt the intended functionality of the contract.

Root Cause

The issue arises from the missing validation for zero values in the price check logic.

278:     function mintSellFarm()
279:         external
280:         override
281:         whenNotPaused
282:         nonReentrant
283:         validateSwap(SELL_BOOST)
284:         returns (uint256 liquidity, uint256 newBoostPrice)
285:     {
286:         (liquidity, newBoostPrice) = _mintSellFarm(); // Perform the mint and sell, and return liquidity and the new Boost price
---
288:@=>      if (newBoostPrice < boostLowerPriceSell) revert PriceNotInRange(newBoostPrice);
289: 
290:         emit PublicMintSellFarmExecuted(liquidity, newBoostPrice);
291:     }

The mintSellFarm function does not take into account the possibility of newBoostPrice being zero.

Snippet

https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/MasterAMO.sol#L288

Attack Path

  1. The _mintSellFarm function is called and returns a null newBoostPrice due to an unexpected condition.
  2. The contract does not return the transaction because it only checks whether newBoostPrice is less than boostLowerPriceSell, not whether it returns null.
  3. The transaction continues with an invalid price, potentially leading to incorrect business logic execution or financial discrepancies.

Impact

Transactions may proceed with invalid price data, leading to incorrect contract behavior.

Mitigation

Implement a zero-value check for newBoostPrice to ensure that the function reverts if the price is zero.

    function mintSellFarm()
        external
        override
        whenNotPaused
        nonReentrant
        validateSwap(SELL_BOOST)
        returns (uint256 liquidity, uint256 newBoostPrice)
    {
        (liquidity, newBoostPrice) = _mintSellFarm(); // Perform the mint and sell, and return liquidity and the new Boost price
        // Checks if the actual average price of boost when selling is greater than the boostLowerPriceSell
-       if (newBoostPrice < boostLowerPriceSell) revert PriceNotInRange(newBoostPrice);
+       if (newBoostPrice == 0 || newBoostPrice < boostLowerPriceSell) revert PriceNotInRange(newBoostPrice);

        emit PublicMintSellFarmExecuted(liquidity, newBoostPrice);
    }