DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

revert due to arithmetic underflow or overflow

Summary

The function convertTokenAmountToUd60x18() does not handle large input amounts, leading to an arithmetic underflow/overflow error when converting to the UD60x18 format.

Vulnerability Details

Below is the convertTokenAmountToUd60x18() function:

    function convertTokenAmountToUd60x18(Data storage self, uint256 amount) internal view returns (UD60x18) {
        if (Constants.SYSTEM_DECIMALS == self.decimals) {
            return ud60x18(amount); // <---- flagged by this report
        }
        // <---- flagged by this report: the scaling below is checked uint256 arithmetic
        return ud60x18(amount * 10 ** (Constants.SYSTEM_DECIMALS - self.decimals));
    }

The issue is that the conversion to ud60x18 doesn't handle very large numbers correctly. When a large number such as 1362e66, which is smaller than the maximum value of uint256, is used, it exceeds the maximum value that can be represented by the ud60x18 type, causing an overflow error.

POC

    // SPDX-License-Identifier: UNLICENSED
    pragma solidity 0.8.25;

    import { Base_Test } from "test/Base.t.sol";

    contract poc is Base_Test {
        function setUp() public override {
            Base_Test.setUp();
        }

        // Test passes
        // Traces:
        // [8145] poc::test_1()
        // ├─ [2355] USDC::decimals() [staticcall]
        // │ └─ ← [Return] 6
        // └─ ← [Stop]
        function test_1(uint256 amount) public {
            vm.assume(amount <= 1362e60);
            convertTokenAmountToUd60x18(address(usdc), amount);
        }

        // Reverts due to overflow
        // Traces:
        // [8116] poc::test_2()
        // ├─ [2355] USDC::decimals() [staticcall]
        // │ └─ ← [Return] 6
        // └─ ← [Revert] panic: arithmetic underflow or overflow (0x11)
        function test_2(uint256 amount) public {
            vm.assume(amount >= 1362e66);
            convertTokenAmountToUd60x18(address(usdc), amount);
        }
    }

Impact

Transactions involving large token amounts might consistently fail. It could also lead to unexpected behaviors.

Tools Used

Foundry

Recommendations

Implement a check to ensure the input amount does not exceed the maximum value.
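
The boundary between the two POC fuzz ranges, and the bound a pre-check would enforce, modelled in Python as an added example (not code from the submission or the audited project). It assumes Constants.SYSTEM_DECIMALS is 18 and models Solidity 0.8 checked uint256 arithmetic; Panic0x11, checked_mul, max_convertible_amount and convert_with_bound_check are hypothetical names.

```python
UINT256_MAX = 2**256 - 1
SYSTEM_DECIMALS = 18  # assumption: value of Constants.SYSTEM_DECIMALS (not shown on the page)

class Panic0x11(ArithmeticError):
    """Models Solidity >=0.8 panic 0x11 (arithmetic underflow or overflow)."""

def checked_mul(a: int, b: int) -> int:
    """uint256 multiplication as Solidity 0.8 performs it: revert instead of wrapping."""
    product = a * b
    if product > UINT256_MAX:
        raise Panic0x11("arithmetic underflow or overflow (0x11)")
    return product

def convert_token_amount_to_ud60x18(decimals: int, amount: int) -> int:
    """Model of the quoted function; returns the raw uint256 that UD60x18 wraps."""
    if not 0 <= amount <= UINT256_MAX:
        raise ValueError("amount is not a uint256")
    if decimals == SYSTEM_DECIMALS:
        return amount
    if decimals > SYSTEM_DECIMALS:
        raise Panic0x11("SYSTEM_DECIMALS - decimals underflows")
    return checked_mul(amount, 10 ** (SYSTEM_DECIMALS - decimals))

def max_convertible_amount(decimals: int) -> int:
    """Largest amount whose scaled value still fits in uint256."""
    if decimals > SYSTEM_DECIMALS:
        raise Panic0x11("SYSTEM_DECIMALS - decimals underflows")
    return UINT256_MAX // 10 ** (SYSTEM_DECIMALS - decimals)

def convert_with_bound_check(decimals: int, amount: int) -> int:
    """Pre-check in the spirit of the recommendation: descriptive error, not a bare panic."""
    limit = max_convertible_amount(decimals)
    if amount > limit:
        raise ValueError(f"amount {amount} exceeds convertible maximum {limit}")
    return convert_token_amount_to_ud60x18(decimals, amount)

if __name__ == "__main__":
    usdc_decimals = 6  # value returned by USDC::decimals() in the POC traces
    print("max convertible:", max_convertible_amount(usdc_decimals))
    for amount in (1362 * 10**60, 1362 * 10**66):  # the two POC bounds
        try:
            print(amount, "->", convert_token_amount_to_ud60x18(usdc_decimals, amount))
        except Panic0x11 as exc:
            print(amount, "-> revert:", exc)
```

For a 6-decimal token the limit is the uint256 maximum divided by 10^12, which lies between the two bounds used in the POC.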

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
