The calculateBlockNormalisedWeight function is vulnerable to an integer underflow when the multiplier parameter is negative.
Specifically, the subtraction operation uint256(weight) - FixedPoint.mulUp(uint256(-multiplierScaled18), timeSinceLastUpdate) can underflow because it uses unsigned integers without ensuring that the result will not be negative.
This issue could lead to erroneous weight calculations, disrupting the pool's functionality and trading operations.
The vulnerability lies in the following code snippet within the calculateBlockNormalisedWeight function:
When the multiplier is negative, the code negates it (-multiplierScaled18) and calculates the product using FixedPoint.mulUp.
If this product exceeds uint256(weight), the subtraction underflows, causing a runtime error (in Solidity versions >=0.8.0).
An underflow in this function could:
Disrupt weight calculations, leading to incorrect weight values in the pool.
Cause unexpected transaction reverts, which could harm the user experience and disrupt trading operations.
To address this issue, add a validation check before performing the subtraction to ensure no underflow can occur
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.