First Flight #8: Math Master

First Flight #8

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Reverting with a wrong custom selector. Revert return a blank error

ereynier

Summary

The revert assembly blocks have wrong error selectors.

Vulnerability Details

The errors selectors used in MathMasters::mulWad() and MathMasters::mulWadUp() functions (0xbac65e5b) are the selectors for MulWadFailed() while the error defined is MathMasters__MulWadFailed() with a selector of 0xa56044f7. Moreover, the selector bytes need to be left padded like that 0xa56044f700000000000000000000000000000000000000000000000000000000

Impact

The functions will return a blank error instead of the custom error. An external script or user could watch for this error and never find it.

PoC (Proof of Code)

This line gives you the selector.

bytes4 selector = MathMasters.MathMasters__MulWadFailed.selector;

You can use foundry cast to check the selectors.

cast 4byte <selector>

$ cast 4byte 0xbac65e5b

MulWadFailed()

$ cast 4byte 0xa56044f7

MathMasters__MulWadFailed()

Tools Used

Foundry

Recommendations

You can use bytes4 selector = MathMasters__MulWadFailed.selector; to get the right selector and have a more readable code. You can also replace the selectors for the good ones.

+ bytes4 selector = MathMasters__MulWadFailed.selector;

assembly {

// Equivalent to `require(y == 0 || x <= type(uint256).max / y)`.

if mul(y, gt(x, div(not(0), y))) {

- mstore(0x40, 0xbac65e5b) // `MathMasters__MulWadFailed()`.

+ mstore(0x40, selector) // `MathMasters__MulWadFailed()`.

revert(0x1c, 0x04)

}

z := div(mul(x, y), WAD)

}

+ bytes4 selector = MathMasters__MulWadFailed.selector;

assembly {

// Equivalent to `require(y == 0 || x <= type(uint256).max / y)`.

if mul(y, gt(x, or(div(not(0), y), x))) { // @audit why "or" ?

- mstore(0x40, 0xbac65e5b) // `MathMasters__MulWadFailed()`.

+ mstore(0x40, selector) // `MathMasters__MulWadFailed()`.

revert(0x1c, 0x04)

}

- mstore(0x40, 0xbac65e5b) // `MathMasters__MulWadFailed()`.

+ mstore(0x40, 0xa56044f700000000000000000000000000000000000000000000000000000000) // `MathMasters__MulWadFailed()`.

- mstore(0x40, 0xbac65e5b) // `MathMasters__MulWadFailed()`.

+ mstore(0x40, shl(mul(28, 8), 0xa56044f7)) // `MathMasters__MulWadFailed()`.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Wrong error selector

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.