Dria

Swan
NFTHardhat
21,000 USDC
View results
Submission Details
Severity: high
Valid

There is a mistake in the computation of variable.

Summary

There is a computation mistake in the variable function.

Vulnerability Details

uint256 diff = data[i] - mean;

Impact

When calls the variable function, always revert underflow Error of uint256.

Because mean is bigger than some data[i].

Tools Used

Manual

function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
mean = avg(data);
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
- uint256 diff = data[i] - mean;
+ uint256 diff = data[i] > mean ? data[i] - mean : mean - data[i];
sum += diff * diff;
}
ans = sum / data.length;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
8 months ago
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Underflow in computing variance

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.