Tadle
Tadle
DeFiFoundry
27,750 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Risk of Underflow in Refund Calculation for Aborted Ask Offers

swapnaliss

Vulnerability Details:

Within the abortAskOffer function, there's a subtraction operation that may underflow if transferAmount slightly exceeds totalDepositAmount, particularly when earlier calculations have introduced precision loss.

Impact:

An underflow in this calculation could lead to an inaccurate makerRefundAmount, resulting in possible financial discrepancies, which may harm users or the platform.

Proof of concept:

The potential issue is illustrated in the following example:
Link to code

function demonstrateUnderflowRisk(uint256 transferAmount, uint256 totalDepositAmount) public pure returns (uint256) {
if (transferAmount > totalDepositAmount) {
unchecked {
return transferAmount - totalDepositAmount;
}
} else {
return 0;
}
}
// Example:
// demonstrateUnderflowRisk(100, 99)
// Returns 1, which is correct
// However:
// demonstrateUnderflowRisk(2^256 - 1, 2^256 - 2)
// Returns a huge value due to underflow, rather than 1

Tools Used

Recommendations:

To prevent the underflow, implement a safeguard before performing the subtraction:

require(transferAmount >= totalDepositAmount, "Underflow risk");
makerRefundAmount = transferAmount - totalDepositAmount;

This ensures that the subtraction operation is safe and will not result in underflow.

Updates

Lead Judging Commences

0xnevi Lead Judge
about 1 year ago
0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.