Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: medium
Invalid

Risk of Integer Overflow in `offerId` Increment

Vulnerability Details:

In the PreMarkets contract, the offerId is incremented without any safeguards against potential overflow:

```solidity
offerId = offerId + 1;
```

If the offerId reaches its maximum value (2^256 - 1 for uint256), it will wrap around to zero upon the next increment.

Impact:

An overflow in offerId can lead to the reuse of previously assigned IDs, which might result in conflicts within the offer management system. This could corrupt data structures, compromise the system's integrity, and potentially cause severe operational issues.

Proof of concept:

The vulnerability is demonstrated in the following example:

```solidity
function demonstrateOverflow() public {
    uint256 maxUint = type(uint256).max;
    offerId = maxUint;
    // Incrementing offerId here will cause an overflow
    offerId = offerId + 1;
    assert(offerId != 0);
    // The assertion will fail, highlighting the overflow issue
}
```

Tools Used

Recommendations:

Safe Arithmetic: Incorporate OpenZeppelin's SafeMath library to prevent overflows and ensure safe arithmetic operations.

Limit Enforcement: Introduce a maximum cap for offerId and implement logic to handle situations when this cap is reached, preventing overflow and maintaining system integrity.
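The increment behaviours this finding turns on, side by side, as an added example that is not part of the submission or of Tadle's code. It assumes a Solidity 0.8.x compiler, where arithmetic is checked by default; the contract name, the `setOfferId` helper and the `OfferIdExhausted` error are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical demo contract for illustration (not the PreMarkets contract).
contract OfferIdCounterDemo {
    uint256 public offerId;

    error OfferIdExhausted();

    /// Test helper: place the counter at an arbitrary value,
    /// e.g. type(uint256).max, to exercise the boundary.
    function setOfferId(uint256 value) external {
        offerId = value;
    }

    /// Default 0.8.x arithmetic. At type(uint256).max the addition
    /// reverts with Panic(0x11), so the stored offerId is unchanged
    /// and no previously issued ID is reused.
    function incrementChecked() external returns (uint256) {
        offerId = offerId + 1;
        return offerId;
    }

    /// Wrapping to zero happens only when the code opts out of checks
    /// with `unchecked` (or is built with a pre-0.8.0 compiler and
    /// no SafeMath-style library).
    function incrementUnchecked() external returns (uint256) {
        unchecked {
            offerId = offerId + 1;
        }
        return offerId;
    }

    /// Explicit cap with a named error: the "limit enforcement" variant.
    /// The guard makes the unchecked addition safe and gives callers
    /// a descriptive revert reason instead of a generic panic.
    function incrementCapped() external returns (uint256) {
        if (offerId == type(uint256).max) revert OfferIdExhausted();
        unchecked {
            offerId = offerId + 1;
        }
        return offerId;
    }
}
```

When reviewing a counter like this, check the `pragma` version and search for `unchecked` blocks around the increment before deciding whether wrap-around is reachable.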

Updates

Lead Judging Commences

0xnevi Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
