The Standard

DeFiHardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Integer underflow when deducting values from `positions[msg.sender].TST` and `positions[msg.sender].EUROs`

Summary

The increasePosition and decreasePosition functions in the LiquidationPool contract should implement checks to prevent potential integer underflow when deducting values from positions[msg.sender].TST and positions[msg.sender].EUROs.

Vulnerability Details

The vulnerability arises from the lack of proper checks to prevent integer underflow when deducting values in the decreasePosition function.

```solidity
function decreasePosition(uint256 _tstVal, uint256 _eurosVal) external {
    require(_tstVal <= positions[msg.sender].TST && _eurosVal <= positions[msg.sender].EUROs, "invalid-decr-amount");
    if (_tstVal > 0) {
        IERC20(TST).safeTransfer(msg.sender, _tstVal);
        positions[msg.sender].TST -= _tstVal; // Potential integer underflow
    }
    if (_eurosVal > 0) {
        IERC20(EUROs).safeTransfer(msg.sender, _eurosVal);
        positions[msg.sender].EUROs -= _eurosVal; // Potential integer underflow
    }
    if (empty(positions[msg.sender])) deletePosition(positions[msg.sender]);
}
```

Impact

The absence of checks to prevent integer underflow in the decreasePosition function may lead to unexpected behavior, including potential loss of funds. An attacker could potentially manipulate the function parameters to trigger underflow and exploit the contract.

Tools Used

VS Code / Manual Code Review

Recommendations

To address the potential integer underflow vulnerability in the increasePosition and decreasePosition functions of the LiquidationPool contract, the following recommendations are provided:

Implement Checks Before Deducting Values:

  • Prior to deducting values from positions[msg.sender].TST and positions[msg.sender].EUROs, incorporate checks to ensure that the deducted amounts do not exceed the existing balances. This prevents potential integer underflow scenarios.

```solidity
function decreasePosition(uint256 _tstVal, uint256 _eurosVal) external {
    require(_tstVal <= positions[msg.sender].TST && _eurosVal <= positions[msg.sender].EUROs, "invalid-decr-amount");
    if (_tstVal > 0) {
        IERC20(TST).safeTransfer(msg.sender, _tstVal);
        require(positions[msg.sender].TST >= _tstVal, "insufficient-TST-balance");
        positions[msg.sender].TST -= _tstVal;
    }
    if (_eurosVal > 0) {
        IERC20(EUROs).safeTransfer(msg.sender, _eurosVal);
        require(positions[msg.sender].EUROs >= _eurosVal, "insufficient-EUROs-balance");
        positions[msg.sender].EUROs -= _eurosVal;
    }
    if (empty(positions[msg.sender])) deletePosition(positions[msg.sender]);
}
```

Conduct Comprehensive Testing:

  • Prior to deploying the contract, conduct comprehensive testing, including unit tests and scenario-based testing, to ensure that the implemented checks effectively prevent integer underflow situations.

Leverage SafeMath Library:

  • Consider using the SafeMath library or similar mechanisms to perform arithmetic operations with additional safety checks. SafeMath helps prevent integer overflows and underflows, enhancing the overall security of the contract.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
Assigned finding tags:

informational/invalid
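
A way to exercise the arithmetic this submission is about when triaging it, written as an added example that is not part of the submission or of the project's code. It assumes Solidity 0.8.1 or later (the page does not state the compiler version) and omits the token transfers and `deletePosition`; `PositionModel`, `seed`, `rawSub` and `run` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1; // assumption: the page does not state the compiler version

// Constructed model of the bookkeeping in decreasePosition; token transfers and
// deletePosition are omitted so the guard and the subtraction can be tested alone.
contract PositionModel {
    struct Position { uint256 TST; uint256 EUROs; }
    mapping(address => Position) public positions;

    // Hypothetical helper that seeds a balance for the caller.
    function seed(uint256 _tst, uint256 _euros) external {
        positions[msg.sender] = Position(_tst, _euros);
    }

    // Same entry guard and subtractions as the function quoted in the submission.
    function decreasePosition(uint256 _tstVal, uint256 _eurosVal) external {
        require(_tstVal <= positions[msg.sender].TST && _eurosVal <= positions[msg.sender].EUROs, "invalid-decr-amount");
        if (_tstVal > 0) positions[msg.sender].TST -= _tstVal;
        if (_eurosVal > 0) positions[msg.sender].EUROs -= _eurosVal;
    }

    // The subtraction alone, with no guard, under 0.8 checked arithmetic.
    function rawSub(uint256 a, uint256 b) external pure returns (uint256) {
        return a - b;
    }
}

contract PositionModelTest {
    PositionModel model = new PositionModel();

    // Returns true when all three observations hold; reverts on any other error.
    function run() external returns (bool) {
        model.seed(100, 50);
        // 1. Asking for more than the balance is rejected by the entry guard.
        try model.decreasePosition(101, 0) { return false; }
        catch Error(string memory reason) {
            if (keccak256(bytes(reason)) != keccak256("invalid-decr-amount")) return false;
        }
        // 2. Withdrawing the exact balance succeeds and leaves zero.
        model.decreasePosition(100, 50);
        (uint256 tst, uint256 euros) = model.positions(address(this));
        if (tst != 0 || euros != 0) return false;
        // 3. An unguarded subtraction below zero reverts with Panic(0x11).
        try model.rawSub(1, 2) returns (uint256) { return false; }
        catch Panic(uint256 code) { return code == 0x11; }
    }
}
```

Deploy `PositionModelTest` in Remix or a Hardhat or Foundry project and call `run()`.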
