First Flight #8: Math Master
First Flight #8
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Use of OR in MathMasters::mulWadUp overflow check results in overflow.

808Nestor

Summary

Use of OR in MathMasters::mulWadUp overflow check results in overflow.

Vulnerability Details

The function checks for potential overflow in the context of fixed-point arithmetic by using the OR operator. However, the OR operator itself can cause an overflow. In this case, the first condition checks if y is non-zero and if x is greater than the maximum value divided by y. The second condition checks if x is non-zero.

Impact

In situations where x is 2 and y is 5.789e76, an overflow will occur.

Tools Used

Foundry:: Forge::Fuzz Test

function test_fuzz_mulWadUp(uint256 fuzzX, uint256 fuzzY) public {
// ARRANGE: specify input conditions
uint256 x = fuzzX;
uint256 y = fuzzY;
// ACT: call target contracts
uint256 z = MathMasters.mulWadUp(x, y);
uint256 solution = (x * y) / (1e18);
if (solution * 1e18 < x * y) {
solution += 1;
}
// ASSERT: check output states
assertEq(z, solution);
}

Recommendations

Use a different method to check for potential overflow or do not check for x being non-zero. The equivalent function in solady, for example, does not check if x is non-zero in its overflow check.

- if mul(y, gt(x, or(div(not(0), y), x))) {
+ if mul(y, gt(x, div(not(0), y))) {
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`mulWadUp` has a bad overflow check

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.