Submission Details
Severity:
Overriding the solidity `free memory pointer - 0x40` when mulWad function is reverting
Summary
when revert condition hit in the mulWad function, the free memory pointer(0x40) is overridden with the value 0xbac65e5b. This can lead to unexpected behavior in the contract.
Vulnerability Details
when revert condition hit in the mulWad function, the free memory pointer(0x40) is overridden with the value 0xbac65e5b. This can lead to unexpected behavior in the contract.
/// @dev Equivalent to `(x * y) / WAD` rounded down.
function mulWad(uint256 x, uint256 y) internal pure returns (uint256 z) {
// @solidity memory-safe-assembly
assembly {
// Equivalent to `require(y == 0 || x <= type(uint256).max / y)`.
if mul(y, gt(x, div(not(0), y))) {
@> mstore(0x40, 0xbac65e5b) // `MathMasters__MulWadFailed()`.
revert(0x1c, 0x04)
}
z := div(mul(x, y), WAD)
}
}
Impact
This can lead to unexpected behavior in the contract.
Tools Used
Manual Review
Recommendations
So we remove the line
mstore(0x40, 0xbac65e5b)from the code.
/// @dev Equivalent to `(x * y) / WAD` rounded down.
function mulWad(uint256 x, uint256 y) internal pure returns (uint256 z) {
// @solidity memory-safe-assembly
assembly {
// Equivalent to `require(y == 0 || x <= type(uint256).max / y)`.
if mul(y, gt(x, div(not(0), y))) {
- mstore(0x40, 0xbac65e5b) // `MathMasters__MulWadFailed()`.
revert(0x1c, 0x04)
}
z := div(mul(x, y), WAD)
}
}
Updates
Rewards breakdown
nSLOC
46This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.