Incorrect lower bound for range in initial estimate calculation
Summary
In line 77 the number set is incorrect. It should be the one stated in the comment 0xffffff
Vulnerability Details
Running the following halmos test gives a list values that give an incorrect result:
c is a contract in which solmate's square root functionality is imported aswell as the MathMaster's square root functionality.
The counterexamples from this halmos test end up 16 'bits' higher than they should due to an incorrect calculation in line 77:
r := or(r, shl(4, lt(16777002, shr(r, x))))
Example:
The result of shr(r, x) at line 77 when x = 72057254735511552 is 16777137 which in this case makes lt return true, if it was ran against the correct value of 16777215 (0xffffff) it would've been false.
Impact
High - incorrect functionality
Tools Used
halmos
Recommendations
Change the value 16777002 to 16777215 in line 77
Lead Judging Commences
Sqrt yields incorrect results for certain inputs because 16777002 doesn't represent the maximum value resulting from a right shift
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.