Submission Details
Severity:
Tansaction will never revert when result is negative in `LibRedundantMathSigned128::sub()` function
Relevant GitHub Links
Summary
The `LibRedundantMathSigned128::sub()` function is supposed to revert when there is an overflow or an underflow and also when a negative number is returned. But currently when a negative number is returned the function does not revert and returns the negative number.
Vulnerability Details
// SPDX-License-Identifier: MIT
contract sub {
function subtract(int128 a, int128 b) public pure returns (int128) {
return a - b;
}
}
Executing this piece of code on (https://remix.ethereum.org/) with the example values of a=10 and b=20 will not cause an error, even though 10-20=-10 returned a negative value.
Impact
Negative values will be returned where either a revert or a positive value was expected.
Tools Used
remix.ethereum.org
Recommendations
function add(int128 a, int128 b) internal pure returns (int128) {
+ require(a >= b, "Negative value is not allowed")
return a + b;
}
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.