Platform: Code4rena
Start Date: 07/09/2022
Pot Size: $20,000 CANTO
Total HM: 7
Participants: 65
Period: 1 day
Judge: 0xean
Total Solo HM: 3
Id: 159
League: ETH
Rank: 32/65
Findings: 1
Award: $39.22
π Selected for report: 0
π Solo Findings: 0
π Selected for report: lukris02
Also found by: 0x040, 0x1f8b, 0x52, 0xA5DF, 0xNazgul, 0xSky, Bnke0x0, Bronicle, CertoraInc, Chom, CodingNameKiki, Deivitto, Diraco, Dravee, EthLedger, IgnacioB, JC, JansenC, Jeiwan, R2, RaymondFam, ReyAdmirado, Rolezn, SinceJuly, TomJ, Tomo, Yiko, a12jmx, ajtra, ak1, codexploder, cryptphi, csanuragjain, erictee, fatherOfBlocks, gogo, hake, hansfriese, hickuphh3, ignacio, ontofractal, oyc_109, p_crypt0, pashov, peritoflores, rajatbeladiya, rbserver, rokinot, rvierdiiev, tnevler
242.8216 CANTO - $39.22
https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-core.sol#L271-L289 https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-core.sol#L261
In BaseV1Pair contract, when calling sampleSupply(), a zero value for window argument , it will always return empty fixed sized array.
When window argument is 0, the for loop will be bypassed and sampleSupply() will return _totalSupply which is an empty array of n-points number of empty arrays.
https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-core.sol#L271-L289
Manual review
A require check for zero value may be necessary to resolve this.
#0 - nivasan1
2022-09-10T18:07:01Z
It is unclear how the function / availability of the protocol is at risk here as a sample with window 0 is a no-op (no observations are being sampled).
#1 - 0xean
2022-09-12T14:21:07Z
downgrading to QA, wardens fails to show the impact of the issue.