From 844f66409dc70cee573d72aae0a1ba1e172d867c Mon Sep 17 00:00:00 2001
From: politeWall <138504353+politeWall@users.noreply.github.com>
Date: Fri, 15 Dec 2023 14:37:56 +0100
Subject: [PATCH] fix: vulnerability causing division by zero with price rate calculation
---
 src/action/execute/create_margin_order.rs | 12 ++++++++++++
 src/action/execute/create_spot_order.rs | 6 ++++++
 2 files changed, 18 insertions(+)
diff --git a/src/action/execute/create_margin_order.rs b/src/action/execute/create_margin_order.rs
index f1c9525..5a04e9f 100644
--- a/src/action/execute/create_margin_order.rs
+++ b/src/action/execute/create_margin_order.rs
@@ -126,6 +126,12 @@ fn create_margin_open_order(
 return Err(StdError::generic_err("not valid collateral").into());
 }

+ if let Some(price) = &trigger_price {
+ if price.rate.is_zero() {
+ return Err(StdError::generic_err("trigger_price: The rate cannot be zero").into());
+ }
+ }
+
 let order = MarginOrder::new_open(
 &info.sender,
 &position,
@@ -209,6 +215,12 @@ fn create_margin_close_order(
 return Err(StdError::generic_err("this position had an order already assigned").into());
 };

+ if let Some(price) = &trigger_price {
+ if price.rate.is_zero() {
+ return Err(StdError::generic_err("trigger_price: The rate cannot be zero").into());
+ }
+ }
+
 let order = MarginOrder::new_close(
 &info.sender,
 mtp.position,
diff --git a/src/action/execute/create_spot_order.rs b/src/action/execute/create_spot_order.rs
index 379d79f..acc060a 100644
--- a/src/action/execute/create_spot_order.rs
+++ b/src/action/execute/create_spot_order.rs
@@ -22,6 +22,12 @@ pub fn create_spot_order(
 return Err(StdError::not_found("order price").into());
 }

+ if let Some(price) = &order_price {
+ if price.rate.is_zero() {
+ return Err(StdError::generic_err("order_price: The rate cannot be zero").into());
+ }
+ }
+
 check_denom_error(
 &order_source_denom,
 &order_target_denom,
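Review bot: The new `price.rate.is_zero()` guard in `create_margin_open_order`, and the identical ones in `create_margin_close_order` and `create_spot_order`, rejects a zero rate only at order creation, while the division it protects is outside this diff. Orders stored before this change, or any other path that writes a price, could presumably still reach that calculation with a zero rate, so the calculation itself should also use a checked division and return an error rather than panic. It is also worth confirming that a very small non-zero rate cannot overflow the same calculation. A short comment above each guard, such as `// rate is used as a divisor in the price calculation; zero must be rejected here`, would record why the check exists. All three function bodies start and end outside their hunks.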
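Review bot: No regression test accompanies the guard added in `create_spot_order` or the two margin guards; the diffstat lists only the two handler files and the hunks add nothing but the checks. One test per handler that submits a price with a zero rate and asserts the `order_price: The rate cannot be zero` or `trigger_price: The rate cannot be zero` error would stop a later refactor from silently dropping the fix. The same five-line block now appears three times, so a small private helper taking the field name and the optional price would keep the checks and messages in step.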