The function getDepositChange() in the VaultControllerStrategy.sol contract calculates the difference between totalBalance and totalDeposits by casting their values from unsigned integers (likely uint256) to signed integers (int). Specifically, the function returns:
Overflow or Underflow Risk:
If either totalBalance or totalDeposits is greater than 2^255−1 (the maximum value that int256 can store), casting the uint256 value to int256 will result in a value overflow. This could lead to negative or incorrect values, breaking the expected logic of the function and introducing unpredictable behavior in the contract.
Security Vulnerability
This issue presents a vulnerability, where malicious actors could attempt to exploit the overflow to manipulate deposit or balance calculations to their advantage, potentially disrupting the contract’s operations or misappropriating funds.
Check for Overflows:
Before performing the casting operation, ensure that both totalBalance and totalDeposits are within the allowable range for int256. This can be achieved with the following checks:
```solidity
// type(int256).max is an int256, so convert it to uint256 before comparing with a uint256 value.
require(totalBalance <= uint256(type(int256).max), "Overflow: total balance exceeds int256 max value");
require(totalDeposits <= uint256(type(int256).max), "Overflow: total deposits exceed int256 max value");
```
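The same range check can be packaged as a reusable checked cast. The contract below is an added example, not the VaultControllerStrategy source: the contract name, the `toInt256` and `uncheckedCast` helpers, the custom error, and the `depositChange` signature (taking both values as parameters) are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration of checked vs. unchecked uint256 -> int256 casts.
/// All names here are hypothetical; this is not the audited contract.
contract DepositChangeExample {
    /// Raised when a uint256 value does not fit in int256.
    error ValueExceedsInt256(uint256 value);

    /// Explicit integer conversions are not overflow-checked, even in 0.8.x:
    /// a value above 2^255 - 1 is reinterpreted as a negative int256.
    function uncheckedCast(uint256 value) public pure returns (int256) {
        return int256(value);
    }

    /// Checked cast: reverts instead of silently changing sign.
    function toInt256(uint256 value) public pure returns (int256) {
        if (value > uint256(type(int256).max)) {
            revert ValueExceedsInt256(value);
        }
        return int256(value);
    }

    /// Hypothetical stand-in for getDepositChange(). Both operands are
    /// range-checked first, so each lies in [0, 2^255 - 1] and the signed
    /// subtraction cannot overflow.
    function depositChange(uint256 totalBalance, uint256 totalDeposits)
        public
        pure
        returns (int256)
    {
        return toInt256(totalBalance) - toInt256(totalDeposits);
    }

    /// Side-by-side demonstration on constructed inputs.
    function demo() external pure returns (int256 wrapped, int256 change) {
        // Smallest uint256 that no longer fits in int256.
        uint256 tooLarge = uint256(type(int256).max) + 1;
        wrapped = uncheckedCast(tooLarge);
        // Ordinary case: deposits exceed balance, giving a negative change.
        change = depositChange(90 ether, 100 ether);
    }
}
```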