160,000 USDC
Submission Details
Severity: low
Valid

[M-01] Compiler fails to revert if a negative integer is passed as a uint datatype.

Vulnerability Details

The compiler's built-in type checker is incorrect: it lets a negative integer pass as the value argument of uint2str. This poses a severe issue that can go unnoticed by Vyper developers.

As the Vyper compiler documentation lays out:

uint2str(value: unsigned integer) → String
Returns an unsigned integer’s string representation.
- value: Unsigned integer to convert.
- Returns the string representation of value.

A code snippet where the compiler fails to revert is provided below:

@external
def testFoobar():
    # A negative literal is passed where an unsigned integer is required.
    a: String[78] = uint2str(-12)
    pass

On compilation, this returns:

0x61007761000f6000396100776000f36003361161000c57610062565b5f3560e01c346100665763f8a8fd6d811861006057600360c0527f2d3130000000000000000000000000000000000000000000000000000000000060e05260c0805160208201805160605250806040525050005b505b5f5ffd5b5f80fda165767970657283000309000b

Impact

Misleads developers and results in an unexpected underflow.

Tools Used

Manual Review

Recommendations

Adding a check in the Vyper compiler that rejects a negative integer passed to the uint2str parameter should fix this issue.

Updates

Lead Judging Commences

patrickalphac Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

uint2str accepts ints
