0xNirix - Reserve Ratio Can Become Zero Through Reward Operations

[sherlock-admin3]

0xNirix

Medium

Reserve Ratio Can Become Zero Through Reward Operations

Summary

Mathematical operations in updateRatioForReward function can cause the reserve ratio to become zero when processing large rewards, leading to a denial of service in the exchange as division by zero occurs in subsequent Bancor formula calculations.

Root Cause

In https://github.com/sherlock-audit/2024-10-mento-update/blob/main/mento-core/contracts/goodDollar/GoodDollarExchangeProvider.sol#L206, the mathematical formula for calculating new reserve ratio can result in zero:

// The mathematical operation sequence:
UD60x18 numerator = wrap(exchange.reserveBalance);
UD60x18 denominator = wrap(exchange.tokenSupply + rewardScaled).mul(wrap(currentPriceScaled));
uint256 newRatioScaled = unwrap(numerator.div(denominator));

// When denominator becomes very large relative to numerator:
uint32 newRatioUint = uint32(newRatioScaled / 1e10);  // Results in 0 
exchanges[exchangeId].reserveRatio = newRatioUint;     // Zero ratio stored

The core issue lies in the mathematical relationship:
newRatio = reserveBalance / ((tokenSupply + reward) * currentPrice)
When reward is significantly larger than tokenSupply, the denominator grows so large that the division result becomes less than 1e-10, which truncates to zero in the final conversion.

In contrast, this situation is avoided in other scenarios like

function mintFromExpansion(bytes32 exchangeId, uint256 reserveRatioScalar) external onlyExpansionController {
    // ...
    uint32 newRatioUint = uint32(unwrap(newRatio) / 1e10);
    require(newRatioUint > 0, "New ratio must be greater than 0");  // Protection exists here
    
    exchanges[exchangeId].reserveRatio = newRatioUint;
}

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

Initial Exchange State

reserveBalance = 100_000e18;              // 100K tokens
tokenSupply = 1_000_000e18;               // 1M tokens
initialReserveRatio = 100000;             // 10% ratio (MAX_WEIGHT = 1000000)
currentPrice = 1e18;                      // 1:1 price

Ratio calculation in updateRatioForReward:

// Step by step calculation that occurs in updateRatioForReward:
reward = 10_000_000_000e18;                            // 10B tokens
currentPriceScaled = currentPrice * 1e18             // 1e18 * 1e18 = 1e36
rewardScaled = minimumReward                         // 10B * 1e18

numerator = wrap(exchange.reserveBalance)            // 100_000e18
denominator = wrap(
    exchange.tokenSupply + rewardScaled             // 1M + 10B = 10.001B
).mul(wrap(currentPriceScaled))                     // * 1e36

newRatioScaled = unwrap(numerator.div(denominator))
                = 100_000e36 / (10_001_000_000e36)
                = 9.99e9                            // Just under 1e10

// Final conversion
newRatioUint = uint32(newRatioScaled / 1e10)       // 0.999 -> 0

Impact

When ratio becomes zero:

1. All swap operations fail due to division by zero in Bancor formula
2. Price calculations become impossible
3. Exchange becomes inoperable

PoC

No response

Mitigation

No response

[sherlock-admin2]

The protocol team fixed this issue in the following PRs/commits:
mento-protocol/mento-core#544