DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Unsafe casting of getZethTotal function

rvierdiiev

Summary

Unsafe casting of getZethTotal function, which can lead to wrong yield rate calculation

Vulnerability Details

LibVault.updateYield casts getZethTotal into uint88. It also has comment that such cast is safe.

Let's check how getZethTotal works. It loops through all bridges and calculates current value.
As zethTotal for the vault is uint88, function assumes that getZethTotal can't be bigger than uint88. But it's not like that. zethTotal for the vault is actually eth amount and as we know brisges shoud increase amount over the time. Because of that it's possible that getZethTotal function will return value that is bigger than uint88 and it will be unsafely casted and corrupt calculations.

Impact

Value will be truncated.

Tools Used

VsCode

Recommendations

You can think about some limits of zethTotal that user's can't deposit more. I means that if you decided to use uint88, then do not allow to deposit up to this limit. Leave some gap for yields.

Updates

Lead Judging Commences

0xnevi Lead Judge

about 2 years ago

0xnevi Lead Judge about 2 years ago

Submission Judgement Published

Invalidated

Reason: Other

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.