Summary:
Upon review, the following findings were identified:
Vulnerability Details:
Division by Zero Check:
The mulWad and mulWadUp functions include unnecessary division by zero checks.
Overflow Handling:
The code lacks protection against overflow in intermediate steps during multiplication.
Gas Optimization:
The sqrt function's square root calculation could be optimized for reduced gas consumption.
Consistent Error Handling:
Error handling is inconsistent across functions, present for multiplication but not for other operations.
Inline Assembly Usage:
The use of inline assembly may compromise code readability and maintenance.
Impact:
These issues could potentially lead to unexpected behavior, inefficiency, or vulnerabilities in smart contracts utilizing the MathMasters library.
Tools Used:
Manual code review and analysis techniques were used to identify the potential issues.
Recommendations:
Remove unnecessary division by zero checks in mulWad and mulWadUp functions.
Implement safe arithmetic operations to mitigate overflow risks during multiplication.
Optimize the sqrt function's square root calculation for gas efficiency.
Ensure consistent error handling across all functions.
Consider refactoring inline assembly to Solidity for improved code clarity and ease of maintenance.
The SafeMath library from OpenZeppelin is used to perform arithmetic operations safely, reducing the risk of overflow vulnerabilities.
Code:
// SPDX-License-Identifier: MIT
// Custom errors require Solidity 0.8.4 or later.
pragma solidity ^0.8.4;

// SafeMath ships with OpenZeppelin Contracts 4.x.
import "@openzeppelin/contracts/utils/math/SafeMath.sol";

library MathMasters {
    using SafeMath for uint256;

    /*//////////////////////////////////////////////////////////////
                                ERRORS
    //////////////////////////////////////////////////////////////*/
    error MathMasters__FactorialOverflow();
    error MathMasters__MulWadFailed();

    /*//////////////////////////////////////////////////////////////
    /*          SIMPLIFIED FIXED POINT OPERATIONS             */
    //////////////////////////////////////////////////////////////*/

    /// @dev Equivalent to `(x * y) / WAD` rounded down.
    function mulWad(uint256 x, uint256 y) internal pure returns (uint256 z) {
        // Check the full product for overflow before dividing by WAD;
        // comparing `z / y` with `x` after the division would reject valid inputs.
        (bool ok, uint256 product) = x.tryMul(y);
        if (!ok) revert MathMasters__MulWadFailed();
        z = product.div(1e18);
    }

    /// @dev Equivalent to `(x * y) / WAD` rounded up.
    function mulWadUp(uint256 x, uint256 y) internal pure returns (uint256 z) {
        // Both `mul` and `add` revert if the intermediate value exceeds uint256.
        z = x.mul(y).add(1e18 - 1).div(1e18);
    }

    /*//////////////////////////////////////////////////////////////
    /*               GENERAL NUMBER UTILITIES                 */
    //////////////////////////////////////////////////////////////*/

    /// @dev Returns the square root of `x`, rounded down.
    function sqrt(uint256 x) internal pure returns (uint256 z) {
        if (x == 0) return 0;
        if (x <= 3) return 1;
        // Babylonian iteration: start above the root and step down until
        // the next estimate stops decreasing.
        z = x;
        uint256 next = x.div(2).add(1);
        while (next < z) {
            z = next;
            next = x.div(next).add(next).div(2);
        }
    }
}
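
An added example, not part of the original submission: a Python model of Solidity 0.8 checked uint256 arithmetic that runs the mulWadUp expression from the code above against an exact reference, showing where the intermediate product or the rounding addend overflows although the final result fits in 256 bits. The names Panic, mul_wad_up, mul_wad_up_exact and classify are assumptions of this example, and the sample inputs are constructed.

```python
WAD = 10**18
UINT256_MAX = 2**256 - 1


class Panic(Exception):
    """Models the revert raised by checked arithmetic on overflow."""


def _checked(value):
    # Every intermediate value must fit in uint256, as in Solidity >= 0.8.
    if value < 0 or value > UINT256_MAX:
        raise Panic("arithmetic overflow")
    return value


def mul_wad_up(x, y):
    """Model of x.mul(y).add(1e18 - 1).div(1e18) with checked steps."""
    product = _checked(x * y)
    return _checked(product + (WAD - 1)) // WAD


def mul_wad_up_exact(x, y):
    """Reference: ceil(x * y / WAD) with unbounded intermediates."""
    return _checked(-(-(x * y) // WAD))


def classify(x, y):
    """Compare the modelled function with the exact reference."""
    try:
        exact = mul_wad_up_exact(x, y)
    except Panic:
        return "result-overflow"        # no uint256 answer exists
    try:
        got = mul_wad_up(x, y)
    except Panic:
        return "intermediate-overflow"  # answer fits, computation reverts
    return "ok" if got == exact else "mismatch"


if __name__ == "__main__":
    # Constructed sample inputs.
    for x, y in [(1, 1), (3 * WAD, WAD // 2), (2**200, 2**60),
                 (UINT256_MAX, 1), (UINT256_MAX, 2 * WAD)]:
        print(hex(x), hex(y), classify(x, y))
```

The "intermediate-overflow" rows are inputs a full-precision multiply-then-divide would accept; with checked arithmetic they revert rather than wrap.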