Issue of Underflow in `stepSun` Function of `Sun` Contract
Summary
The Sun contract manages the minting of Beans to various entities and adjusts the supply of Soil based on oracle data and weather conditions. The stepSun function has potential underflow issue.
Vulnerability Details
The issue lies in the calculation s.sys.fields[s.sys.activeField].harvestable - priorHarvestable within the stepSun function. If priorHarvestable (previous harvestable amount) is greater than s.sys.fields[s.sys.activeField].harvestable (current harvestable amount), the subtraction s.sys.fields[s.sys.activeField].harvestable - priorHarvestable could result in a negative number.
See the following code:
Impact
If underflow occurs, the setSoilAbovePeg function might receive an incorrect or unexpected value for newHarvestable, leading to incorrect issuance of Soil. This could disrupt the intended economic model of the contract and affect the stability of Soil supply. This underflow can also lead to DOS as it will face continous reverts.
Tools Used
Manual Review
Recommendations
Implement checks to ensure that priorHarvestable is not greater than s.sys.fields[s.sys.activeField].harvestable before performing the subtraction operation. This can prevent underflow by ensuring valid input conditions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.