First Flight #8: Math Master

First Flight #8

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Potential Overflow in mulWadUp, does not employ the SafeMath library for multiplication operations

0xVinylDavyl

Vulnerability Details:

The mulWadUp function is designed to perform multiplication and subsequent rounding up of the result by adding 1 if needed. While the function includes overflow checks, it does not employ the SafeMath library for multiplication operations. Using SafeMath for arithmetic operations enhances safety and readability, reducing the risk of overflow-related vulnerabilities.

Issue arises from the absence of SafeMath, which is a library commonly used in Solidity to mitigate the risk of arithmetic overflow and underflow. Without SafeMath, the multiplication operation in mulWadUp may be susceptible to overflow, which occurs when the result exceeds the maximum representable value for a uint256.

/// @dev Equivalent to `(x * y) / WAD` rounded up.

function mulWadUp(uint256 x, uint256 y) internal pure returns (uint256 z) {

/// @solidity memory-safe-assembly

assembly {

// Equivalent to `require(y == 0 || x <= type(uint256).max / y)`.

if mul(y, gt(x, or(div(not(0), y), x))) {

mstore(0x40, 0xbac65e5b) // `MathMasters__MulWadFailed()`.

revert(0x1c, 0x04)

}

if iszero(sub(div(add(z, x), y), 1)) { x := add(x, 1) }

z := add(iszero(iszero(mod(mul(x, y), WAD))), div(mul(x, y), WAD))

}

Impact:

Potential overflow vulnerabilities can have severe consequences, leading to unexpected behavior or vulnerabilities in smart contracts. In the context of mulWadUp, an overflow during the multiplication step may result in an incorrect calculation of the final rounded-up value. This miscalculation could lead to unexpected results in financial or token-related operations, impacting the integrity of the contract.

Tools Used:

Based on manual code review and knowledge of best practices in Solidity development.

Recommendations:

To enhance safety and readability, recommended to replace the multiplication operation in mulWadUp with the SafeMath library. SafeMath ensures that arithmetic operations are performed securely, guarding against overflows and underflows. Below is the updated code snippet using SafeMath for the multiplication operation:

By incorporating SafeMath, this updated code reduces the risk of potential overflow vulnerabilities during the multiplication operation, contributing to a more robust and secure implementation.

import "@openzeppelin/contracts/utils/math/SafeMath.sol";

library MathMasters {

using SafeMath for uint256;

// ....

function mulWadUp(uint256 x, uint256 y) internal pure returns (uint256 z) {

require(y == 0 || x <= type(uint256).max / y, "MathMasters__MulWadFailed");

if (iszero(sub(div(add(z, x), y), 1))) {

x = add(x, 1);

}

z = add(iszero(iszero(mod(x.mul(y), WAD))), x.mul(y).div(WAD));

}

// ...

}

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.