Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Overflow in Variance Calculation

axicnode398

  • Location: contracts/libraries/Statistics.sol

function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
mean = avg(data);
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
uint256 diff = data[i] - mean;
sum += diff * diff; // Potential overflow in diff * diff if diff is large
}
ans = sum/data.length;
}

  • Problem: The line sum += diff * diff may overflow if diff is large, especially for high values of data[i]. Since diff is squared, this can easily exceed the uint256 limit.

  • Recommendation: Use Solidity’s overflow checks (built-in for Solidity >=0.8) or break up calculations into smaller components if working with large values. Alternatively, consider scaling down the values before squaring to reduce the risk of overflow.

  • Tools used: Github and VSC.

  • POC :

uint256;
largeValues[0] = type(uint128).max;
largeValues[1] = type(uint128).max;
(uint256 variance, uint256 mean) = Statistics.variance(largeValues); // Overflow risk

  • Expected Outcome: If overflow occurs, variance will produce an incorrect result or revert (in Solidity >=0.8.0 due to automatic checks). This shows that the function does not handle large values robustly.

  • Impact: Overflow can result in incorrect calculations, which could propagate incorrect data to other parts of the contract, potentially impacting financial calculations or data integrity.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.