MorpheusAI
MorpheusAI
Foundry
22,500 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Wrong Calculation `LinearDistributionIntervalDecrease:_calculateMaxEndTime`

recursiveeth

Summary

LinearDistributionIntervalDecrease:_calculateMaxEndTime calculates the maximum possible end time based on given parameters, while LinearDistributionIntervalDecrease:_divideCeilcomputes the division of two unsigned integers rounded up to the nearest integer. An overflow scenario is identified in _calculateMaxEndTime where the result of maxInterval \* interval_could exceed the maximum value representable by auint128

Vulnerability Details

In calculateMaxEndTime, if the product of maxIntervals * interval_ exceeds the maximum value representable by a uint128 (which is 2^128 - 1), the result will wrap around due to overflow. This can lead to incorrect calculations of the maximum end time

Impact

when maxIntervals_ * interval_ wrap around due to overflow,result will be lowest positive number,the endTime variable holding value of maxEndTime which can cause erroneous results.

Tools Used

Manual Review

Recommendations

function calculateMaxEndTime(
uint128 payoutStart_,
uint128 interval_,
uint256 initialAmount_,
uint256 decreaseAmount_
) public pure returns (uint128) {
if (decreaseAmount_ == 0) {
return type(uint128).max;
}
uint256 maxIntervals_ = initialAmount_ / decreaseAmount_;
// Assuming uint128 max value is 2^128 - 1
uint256 maxValue = uint128(-1);
// Check for overflow
+ require(maxIntervals_ <= maxValue / interval_, "Overflow can occur");
return uint128(payoutStart_ + maxIntervals_ * interval_);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.