Flow
Sablier
FoundryDeFi
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Improper Use of unchecked Block

hackz

Summary

The use of the unchecked block in the SablierFlow.sol contract may lead to unintended arithmetic overflow or underflow, compromising the integrity of financial calculations.

Finding Description

The unchecked keyword is employed to prevent automatic checks for arithmetic overflows and underflows in Solidity. While this can save gas, it also poses a significant risk if used without a thorough understanding of the potential outcomes. Specifically, if calculations involving financial balances or state variables do not properly handle edge cases, malicious actors could exploit this oversight.

This vulnerability breaks the security guarantee of integrity, as it allows potential discrepancies in financial state due to incorrect arithmetic operations. An attacker could input values that lead to unintended behaviors, such as negative balances or unintended token transfers, thus propagating through the system and potentially draining funds or causing contract states to become inconsistent.

Vulnerability Details

Using unchecked prevents Solidity from reverting transactions upon arithmetic errors. If critical state updates rely on calculations performed within an unchecked block, it could allow values to overflow (roll over to zero) or underflow (roll under zero), leading to inconsistencies in user balances, debt calculations, and overall contract state.

For example, if the following operation is performed:

unchecked {
balance -= amount; // If amount > balance, balance can underflow to a large value.
}

If amount exceeds balance, the resulting balance could become a large positive number instead of reverting, allowing malicious interactions to exploit this flaw.

Impact

The impact of this vulnerability is high. It may lead to loss of user funds, improper state updates, and damage to the overall trust in the contract. Users may find themselves unable to withdraw their funds, or worse, an attacker could drain the contract by manipulating values that rely on the affected calculations. Given that this contract likely handles financial assets, any such discrepancies can have severe implications.

Proof of Concept

A simple proof of concept to illustrate the vulnerability is as follows:

contract VulnerableContract {
uint256 public balance;
function withdraw(uint256 amount) public {
unchecked {
balance -= amount; // Potential underflow if amount > balance.
}
}
}

In this example, if balance is 0 and amount is 1, the resulting balance will overflow and become a large positive value.

Recommendations

To address this vulnerability, it is crucial to implement proper checks on arithmetic operations to prevent underflow and overflow conditions. Here’s a snippet of the corrected code:

function withdraw(uint256 amount) public {
require(balance >= amount, "Insufficient balance"); // Ensure balance is sufficient.
balance -= amount; // Safe subtraction since we have checked the balance.
}

By implementing a require statement before the arithmetic operation, we can ensure that the state remains consistent, and avoid potential exploitation through arithmetic vulnerabilities.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.