Steadefi

Tags: DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Valid

Unsafe Casting performed in the `GMXOracle::_getTokenPriceMinMaxFormatted`

Summary

The function GMXOracle::_getTokenPriceMinMaxFormatted at line#314 casts the int256 result returned by the Chainlink oracle to uint256. Converting int256 to uint256 without a sign check can have unexpected consequences.

Vulnerability Details

The function GMXOracle::_getTokenPriceMinMaxFormatted at line#314 casts the int256 result returned by the Chainlink oracle to uint256. Converting int256 to uint256 without a sign check can have unexpected consequences: a negative price wraps around to a value close to 2**256 instead of reverting.

function _getTokenPriceMinMaxFormatted(address token) internal view returns (uint256) {
    (int256 _price, uint8 _priceDecimals) = chainlinkOracle.consult(token);
    // @> unchecked int256 -> uint256 cast: a negative _price wraps instead of reverting
    return uint256(_price) * 10 ** (30 - IERC20Metadata(token).decimals() - _priceDecimals);
}

We are providing a similar scenario that can be reproduced in Remix:

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;

contract TestUnsafeCasting {
    // Plain explicit conversion: for x < 0 this returns 2**256 + x instead of reverting
    function testUnsafeCasting(int256 x) public pure returns (uint256) {
        return uint256(x);
    }
}

In this case, passing -23 to testUnsafeCasting returns 115792089237316195423570985008687907853269984665640564039457584007913129639913 (that is, 2**256 - 23) because the cast from int256 to uint256 is unchecked.

Impact

The protocol may receive an unexpected, extremely large price from GMXOracle::_getTokenPriceMinMaxFormatted if the oracle ever returns a negative value.

Tools Used

Manual Review, Remix

Recommendations

Use the OpenZeppelin SafeCast library (SafeCast.toUint256), which reverts on negative input instead of wrapping.
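The recommended fix applied to the reported function, as an added example that is not the Steadefi code base or part of the original submission. It assumes the OpenZeppelin SafeCast import path and a minimal IChainlinkOracle interface shaped like the `consult` call shown above; the TestSafeCasting contract can be pasted into Remix next to the reproduction contract to compare both casts on -23.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";

// Assumed interface shape, matching the consult() call in the reported function.
interface IChainlinkOracle {
    function consult(address token) external view returns (int256 price, uint8 priceDecimals);
}

interface IERC20Metadata {
    function decimals() external view returns (uint8);
}

contract HardenedPriceFormatter {
    IChainlinkOracle public immutable chainlinkOracle;

    constructor(IChainlinkOracle _chainlinkOracle) {
        chainlinkOracle = _chainlinkOracle;
    }

    // Same arithmetic as the reported function; only the conversion changes.
    // SafeCast.toUint256 reverts when _price < 0, so a negative oracle answer
    // can no longer be turned into a value near 2**256.
    function _getTokenPriceMinMaxFormatted(address token) internal view returns (uint256) {
        (int256 _price, uint8 _priceDecimals) = chainlinkOracle.consult(token);
        return SafeCast.toUint256(_price) * 10 ** (30 - IERC20Metadata(token).decimals() - _priceDecimals);
    }
}

// Side-by-side check for Remix: call both functions with -23.
contract TestSafeCasting {
    // Unchecked: -23 -> 115792089237316195423570985008687907853269984665640564039457584007913129639913
    function rawCast(int256 x) public pure returns (uint256) {
        return uint256(x);
    }

    // Checked: -23 -> transaction reverts; non-negative values pass through unchanged
    function safeCast(int256 x) public pure returns (uint256) {
        return SafeCast.toUint256(x);
    }
}
```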

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Unsafe type conversion in _getTokenPriceMinMaxFormatted
