DeFi, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Integer Overflow Vulnerability in ConvertFacet Contract

Summary

The ConvertFacet contract contains a potential integer overflow vulnerability in the _depositTokensForConvert function.

Vulnerability Details

The overflow happens when an arithmetic operation reaches the maximum size of a type. In the _depositTokensForConvert function, the grownStalk variable, which represents the amount of grown stalk retained to issue to the new deposit, is added to the active stalk minted to the user. However, there is no validation or check to ensure that the addition of grownStalk to the active stalk does not result in an integer overflow.

Impact

If the addition of grownStalk to the active stalk exceeds the maximum representable value for the data type used to store stalk amounts, an integer overflow will occur. This could potentially result in incorrect calculations, unexpected behavior, or even exploitation by attackers.

Tools Used

Manual

Recommendations

  1. Use SafeMath: Implement SafeMath or similar safe arithmetic libraries to perform arithmetic operations on stalk amounts to prevent integer overflow vulnerabilities.

  2. Validate Inputs: Ensure that inputs, such as grownStalk, are properly validated and constrained to prevent values that could lead to integer overflow.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
