Integer Overflow/Underflow
Summary
Location: ChainlinkOracle.sol (lines 39-39)
The contract multiplies oracle data by a power of 10 without thoroughly
checking for potential overflow conditions. While the comment indicates this is
'extremely improbable', it still represents a mathematical risk.
Vulnerability Details
Location: ChainlinkOracle.sol (lines 39-39)
The contract multiplies oracle data by a power of 10 without thoroughly
checking for potential overflow conditions. While the comment indicates this is
'extremely improbable', it still represents a mathematical risk.
Code Snippet:
data = data * int(10 ** normalizationFactor);
Prevention:
Use SafeMath library for Solidity < 0.8.0
Use Solidity 0.8.0+ with built-in overflow checks
Add explicit bounds checking
Impact
Incorrect calculations leading to fund loss or broken contract logic.
Tools Used
Recommendations
Implement explicit bounds checking before multiplication or use a
SafeMath-style library for the multiplication operation, even though Solidity 0.8+
includes overflow checks.
Lead Judging Commences
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.