Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Potential Infinite Loop Risks in `Statistics.sol::sqrt` Function

Summary

The sqrt function in this contract, which employs the Babylonian method to calculate the integer square root, does not include a termination condition for cases when x is zero. This could result in an infinite loop, leading to excessive gas consumption and the possibility of denial-of-service (DoS) attacks.

Vulnerability Details

The sqrt function computes the square root by iteratively updating values until convergence. However, if the input x is zero, the function lacks a condition to return immediately, leading to a loop with no termination. This can potentially cause the function to consume all available gas and fail to return, impacting contract reliability and usability.

```solidity
function sqrt(uint256 x) internal pure returns (uint256 y) {
    uint256 z = (x + 1) / 2;
    y = x;
    while (z < y) {
        y = z;
        z = (x / z + z) / 2;
    }
}
```

Impact

This issue can cause an infinite loop for an input of x = 0.

Tools Used

Manual code review

Recommendations

Add an explicit check for x == 0 to return 0 immediately.

```solidity
function sqrt(uint256 x) internal pure returns (uint256 y) {
    if (x == 0) return 0; // Handle x = 0 case explicitly
    uint256 z = (x + 1) / 2;
    y = x;
    while (z < y) {
        y = z;
        z = (x / z + z) / 2;
    }
}
```

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
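
A trace of the loop quoted in the submission, added here as an example (it is not part of the submission, the judgement, or the Swan code base): a Python model of `sqrt` that records the result, the number of loop iterations, and the smallest value ever used as a divisor. `sqrt_trace` and `check_range` are hypothetical names, and Python's unbounded integers stand in for `uint256`, so overflow behaviour is not modelled.

```python
import math


def sqrt_trace(x: int):
    """Model of the quoted sqrt loop.

    Returns (result, iterations, min_divisor); min_divisor is None when
    the loop body never runs, i.e. no division was performed.
    """
    z = (x + 1) // 2          # Solidity integer division truncates, like //
    y = x
    iterations = 0
    min_divisor = None
    while z < y:
        y = z
        min_divisor = z if min_divisor is None else min(min_divisor, z)
        z = (x // z + z) // 2
        iterations += 1
    return y, iterations, min_divisor


def check_range(limit: int) -> int:
    """Run every input in [0, limit) and return the worst iteration count.

    Raises AssertionError if any result differs from the floor square
    root or if zero is ever used as a divisor.
    """
    worst = 0
    for x in range(limit):
        y, n, d = sqrt_trace(x)
        assert y == math.isqrt(x), f"wrong result for x={x}"
        assert d is None or d > 0, f"division by zero for x={x}"
        worst = max(worst, n)
    return worst


if __name__ == "__main__":
    # Constructed sample inputs, including the x = 0 case from the submission.
    for x in (0, 1, 2, 3, 4, 16, 10**18):
        print(x, sqrt_trace(x))
    print("worst iterations below 10000:", check_range(10_000))
```

For `x = 0` the initial values are `z = 0` and `y = 0`, so the guard `z < y` is false on entry and the body runs zero times.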
