Flow

Sablier

FoundryDeFi

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

A higher fee rate in `Helpers::calculateAmountsFromFee` results in an arithmetic underflow/overflow

0xcodex

Summary

A vulnerability was discovered in the calculateAmountsFromFee function within the Helpers library, which results in an arithmetic underflow/overflow when the fee parameter exceeds the total amount. This issue arises because the function does not verify whether the fee is less than or equal to the total amount, leading to an unexpected revert with a panic code (0x11). This could lead to denial of service in applications relying on this function for fee validation and may cause unexpected behaviour in systems assuming a consistent execution flow.

Vulnerability Details

The vulnerability occurs because the calculateAmountsFromFee function does not check if the fee parameter is greater than the totalAmount. When fee exceeds totalAmount, the subtraction or division operation results in an arithmetic overflow/underflow, causing the function to revert with a panic code (0x11).

Place the below in your test file.

import { Test, console } from "node_modules/forge-std/src/Test.sol";

import { Helpers } from "src/libraries/Helpers.sol";

import { ud, UD60x18 } from "@prb/math/src/UD60x18.sol";

//The contract exposes the calculateAmountFromFee function as it is an internal function

contract HelpersExposer {

using Helpers for uint128;

function calculateAmountsFromFeeExposed(uint128 totalAmount, UD60x18 fee) public pure returns(uint128 feeAmount, uint128 netAmount)

{

return Helpers.calculateAmountsFromFee(totalAmount, fee);

}

contract CalculateAmountsTest is Test {

HelpersExposer helpersExposer;

function setUp() public {

helpersExposer = new HelpersExposer();

}

function testFeeAmountExceedsTotalAmount() public view {

uint128 totalAmount = 1000;

UD60x18 fee = UD60x18.wrap(1.5e18);

(uint128 feeAmount, uint128 netAmount) = helpersExposer.calculateAmountsFromFeeExposed(totalAmount, fee);

assertLe(feeAmount, totalAmount, "feeAmpount should not exceed totalAmount");

}

Impact

This vulnerability causes the function to revert unexpectedly when the fee exceeds the totalAmount. While this issue may not directly allow unauthorized fund access or data manipulation, it can disrupt the normal functioning of smart contracts that rely on calculateAmountsFromFee for fee validation. If the function is critical to operations or integrated into a larger financial system, this error could affect user experience and system reliability.

Tools Used

Manual review

Recommendations

To mitigate this vulnerability, add a validation check(preferably a `require` statement) in the calculateAmountsFromFee function to ensure fee does not exceed totalAmount before performing arithmetic operations. Implement the following update:

require(fee <= totalAmount, "Fee cannot exceed total amount");

Updates

Lead Judging Commences

inallhonesty Lead Judge

10 months ago

inallhonesty Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

699

29 USDC / LOC

High Medium

19,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.