Submission Details
Severity: high
Valid

Function mulWadUp overflow: does not protect against overflow.

Summary

In the library function `MathMasters::mulWadUp`, the if statement meant to prevent overflow is not working. When x is type(uint256).max and y is over 1, the revert does not occur as I think it should.

Vulnerability Details

The severity of the vulnerability depends on what the contract uses the library, and this function in particular, for. The consequences could include:

  • Financial Loss

  • Unexpected behavior

  • Denial of Service (DoS)

  • Exploitation by Attackers

Impact

```solidity
function testMulWadUpOverflow() public {
    uint x = type(uint).max;
    uint y = 1;
    assertEq(MathMasters.mulWadUp(x, y), 115792089237316195423570985008687907853269984665640564039458);
}
```

```
Running 1 test for test/MathMasters.t.sol:MathMastersTest
[PASS] testMulWadUpOverflow() (gas: 446)
Traces:
[446] MathMastersTest::testMulWadUpOverflow()
└─ ← ()
```

This number stays the same if uint x = type(uint).max; y can be anything above 0. If uint y is 0 then the result is 0.
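
An added example, not part of the original submission: a Python model of the two guard expressions quoted in the Recommendations section, evaluated with EVM opcode semantics (unsigned words, DIV by zero returns 0). The `bits` parameter, `guard_reference` and `audit` are assumptions of this sketch; running on 8-bit words lets every (x, y) pair be compared with the true overflow condition x * y > 2^bits - 1.

```python
# Added example: models only the overflow guard, not the rest of mulWadUp.
UINT_MAX = (1 << 256) - 1


def _div(a, b):
    return a // b if b else 0  # EVM DIV returns 0 when the divisor is 0


def guard_original(x, y, bits=256):
    """'-' line: mul(y, gt(x, or(div(not(0), y), x))). Nonzero means revert."""
    m = (1 << bits) - 1
    # or(a, x) is never smaller than x, so the gt() below can never be true.
    return (y * int(x > (_div(m, y) | x))) & m


def guard_recommended(x, y, bits=256):
    """'+' line: or(iszero(y), gt(x, div(sub(not(0), y), y)))."""
    m = (1 << bits) - 1
    return int(y == 0) | int(x > _div((m - y) & m, y))


def guard_reference(x, y, bits=256):
    """Hypothetical reference (not from the page): mul(y, gt(x, div(not(0), y)))."""
    m = (1 << bits) - 1
    return (y * int(x > _div(m, y))) & m


def audit(guard, bits=8):
    """Compare a guard with the true condition over every (x, y) pair.

    Returns (missed_overflows, false_reverts).
    """
    m = (1 << bits) - 1
    missed = false_reverts = 0
    for x in range(m + 1):
        for y in range(m + 1):
            overflows = x * y > m
            reverts = guard(x, y, bits) != 0
            missed += int(overflows and not reverts)
            false_reverts += int(reverts and not overflows)
    return missed, false_reverts


if __name__ == "__main__":
    for g in (guard_original, guard_recommended, guard_reference):
        print(f"{g.__name__:18} (missed, false reverts) = {audit(g)}")
    print("256-bit x=max, y=2, original guard reverts:",
          bool(guard_original(UINT_MAX, 2)))
```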

Tools Used

  • Foundry

  • Remix.

Recommendations

- if mul(y, gt(x, or(div(not(0), y), x)))
+ if or(iszero(y), gt(x, div(sub(not(0), y), y)))
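Review bot: On the `+` line, `or(iszero(y), ...)` makes the guard revert whenever y is 0, although the Impact section says the result for y = 0 is 0, and `div(sub(not(0), y), y)` evaluates to floor(max / y) - 1, so x = floor(max / y) is rejected even though x * y still fits in 256 bits. With that guard the x = type(uint).max, y = 1 test shown under Impact would revert instead of pass. The `-` line fails for a narrower reason: `or(div(not(0), y), x)` is never smaller than x, so `gt(x, ...)` is always 0 and the branch is dead. Removing only the `or(..., x)` wrapper keeps the y = 0 behaviour and gives the exact bound: `if mul(y, gt(x, div(not(0), y)))`.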
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`mulWadUp` has a bad overflow check
