DeFiHardhat
12,000 USDC
Submission Details
Severity: low
Invalid

Potential Overflow in `calcLpTokenSupply` Function

Summary


Vulnerability Details

The calcLpTokenSupply function calculates the supply of LP tokens based on the constant product formula for liquidity reserves. It multiplies the two reserves and a precision factor before taking the square root:

function calcLpTokenSupply(
    uint256[] calldata reserves,
    bytes calldata
) external pure override returns (uint256 lpTokenSupply) {
    // .sqrt() is provided by a math library attached to uint256 elsewhere in the contract
    lpTokenSupply = (reserves[0] * reserves[1] * EXP_PRECISION).sqrt();
}

This function assumes that the reserves are within a range whose product, together with EXP_PRECISION, does not exceed the maximum value of a uint256. However, if both reserves are very large (>= 10^32.5), the multiplication overflows; under Solidity 0.8.x checked arithmetic this causes the function to revert and fail to return the LP token supply.

Impact

An overflow in this function would prevent the correct calculation of LP token supply, potentially disrupting the functionality of the liquidity pool and any dependent systems or transactions.

Tools Used

Manual

Recommendations

To mitigate this issue, implement checks to ensure that the reserves do not exceed a safe threshold before the multiplication occurs. This could involve setting maximum reserve limits or introducing a safeguard function that checks for potential overflows and handles them gracefully. Additionally, using a well-tested library like OpenZeppelin's SafeMath (for versions prior to 0.8.x) or built-in overflow checks can help prevent such issues.
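To make the ~10^32.5 threshold from the Vulnerability Details section concrete, and to show the pre-multiplication check suggested above, here is an added Python model of the uint256 arithmetic. It is not the project's code; it assumes EXP_PRECISION = 1e12 (the page does not state the constant) and represents the revert as a raised exception.

```python
from math import isqrt

UINT256_MAX = 2**256 - 1
# Assumed value of the contract's precision constant; not taken from the page.
EXP_PRECISION = 10**12


def overflows(reserves, precision=EXP_PRECISION):
    """True when reserves[0] * reserves[1] * precision does not fit in uint256."""
    return reserves[0] * reserves[1] * precision > UINT256_MAX


def calc_lp_token_supply(reserves, precision=EXP_PRECISION):
    """Model of calcLpTokenSupply: checked product, then integer square root.

    Solidity 0.8.x checked arithmetic reverts on overflow; raising mirrors that.
    """
    if overflows(reserves, precision):
        raise OverflowError("reserves[0] * reserves[1] * EXP_PRECISION exceeds uint256")
    return isqrt(reserves[0] * reserves[1] * precision)


def max_safe_reserve(precision=EXP_PRECISION):
    """Largest r such that r * r * precision still fits in uint256 (equal reserves).

    With precision = 1e12 this is 2**128 // 1e6, roughly 3.4e32, i.e. about 10**32.5.
    """
    return isqrt(UINT256_MAX // precision)


def reserves_within_limit(reserves, precision=EXP_PRECISION):
    """The kind of guard the recommendation describes: a cheap pre-check that
    can be enforced (for example as a maximum reserve limit) before multiplying."""
    return not overflows(reserves, precision)


if __name__ == "__main__":
    # Constructed sample: 1000 tokens at 18 decimals paired with 1000 tokens at 6 decimals.
    print(calc_lp_token_supply([10**21, 10**9]))  # 10**21
    limit = max_safe_reserve()
    print(limit, len(str(limit)))                 # 33-digit number
    print(reserves_within_limit([limit, limit]))  # True
    print(reserves_within_limit([limit + 1, limit + 1]))  # False
```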

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Informational/Invalid
