The distributePoints() function in the FjordPoints contract contains a multiplication operation that could lead to an overflow if the values of pointsPerEpoch and PRECISION_18 are too large. This overflow can result in incorrect calculations for the distribution of points, potentially leading to inaccurate distribution of rewards to users.
https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordPoints.sol#L243
The line of code multiplies pointsPerEpoch by PRECISION_18 to calculate the total points to distribute, adjusted for precision. However, if pointsPerEpoch is set to a very high value, the result of pointsPerEpoch.mul(PRECISION_18) can exceed the maximum value that a uint256 can hold, leading to an overflow. This overflow would wrap around, resulting in a significantly lower number than expected, and would corrupt the calculation of pointsPerToken.
Example with Real Values:
pointsPerEpoch: Set to 10^40, an arbitrarily high number to illustrate the overflow scenario.
PRECISION_18: Set to 10^18, a constant used for maintaining precision.
weeksPending: Assume 1, representing the number of weeks that have passed since the last distribution.
totalStaked: Set to 10^24, a realistic total stake.
Multiplication result:
This result, 10^58, is still within the uint256 maximum value, but if pointsPerEpoch is increased to even larger values (close to 10^39 or more), the multiplication would exceed the maximum value of a uint256, causing an overflow.
DOS of the system
Manual
Pre-check Multiplication Feasibility: Before performing the multiplication, introduce a check to ensure that the result will not exceed the uint256 limit.
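One way to carry out this pre-check, modelled in Python as an added example (not code from FjordPoints.sol or from this submission). The shape of the pointsPerToken update and all function names are assumptions; the input values are the ones from the example above.

```python
# Added example: a Python model of uint256 arithmetic, not contract code.
UINT256_MAX = 2**256 - 1
PRECISION_18 = 10**18  # value given on the page


def mul_fits_uint256(a: int, b: int) -> bool:
    """Pre-check: True when a * b is representable in a uint256."""
    if a == 0 or b == 0:
        return True
    # Division form of the check, so the check itself cannot overflow.
    return a <= UINT256_MAX // b


def wrapping_mul(a: int, b: int) -> int:
    """Unchecked uint256 multiplication: the product modulo 2**256."""
    return (a * b) & UINT256_MAX


def checked_mul(a: int, b: int) -> int:
    """Multiplication guarded by the pre-check; rejects instead of wrapping."""
    if not mul_fits_uint256(a, b):
        raise OverflowError("product exceeds the uint256 limit")
    return a * b


def max_safe_points_per_epoch(precision: int = PRECISION_18) -> int:
    """Largest pointsPerEpoch whose product with `precision` still fits."""
    return UINT256_MAX // precision


def points_per_token_delta(points_per_epoch, total_staked, weeks_pending):
    """Assumed update: weeksPending * (pointsPerEpoch * PRECISION_18 / totalStaked)."""
    if total_staked == 0:
        return 0
    scaled = checked_mul(points_per_epoch, PRECISION_18)
    return checked_mul(weeks_pending, scaled // total_staked)


if __name__ == "__main__":
    # The page's values: pointsPerEpoch 10**40, totalStaked 10**24, weeksPending 1.
    print(points_per_token_delta(10**40, 10**24, 1))  # 10**34
    limit = max_safe_points_per_epoch()
    print("largest safe pointsPerEpoch:", limit)
    # One past the limit: the unchecked product wraps to a value below PRECISION_18.
    print("wrapped product:", wrapping_mul(limit + 1, PRECISION_18))
```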