QuantAMM

49,600 OP
Submission Details
Severity: high
Invalid

Integer Underflow in calculateBlockNormalisedWeight Function

Summary

The calculateBlockNormalisedWeight function is vulnerable to an integer underflow when the multiplier parameter is negative.

Specifically, the subtraction operation uint256(weight) - FixedPoint.mulUp(uint256(-multiplierScaled18), timeSinceLastUpdate) can underflow because it uses unsigned integers without ensuring that the result will not be negative.

This issue could lead to erroneous weight calculations, disrupting the pool's functionality and trading operations.

Vulnerability Details

The vulnerability lies in the following code snippet within the calculateBlockNormalisedWeight function:

return uint256(weight) - FixedPoint.mulUp(uint256(-multiplierScaled18), timeSinceLastUpdate);

When the multiplier is negative, the code negates it (-multiplierScaled18) and calculates the product using FixedPoint.mulUp.

If this product exceeds uint256(weight), the subtraction underflows, causing a runtime error (in Solidity versions >=0.8.0).

Impact

An underflow in this function could:

Disrupt weight calculations, leading to incorrect weight values in the pool.

Cause unexpected transaction reverts, which could harm the user experience and disrupt trading operations.

Recommendations

To address this issue, add a validation check before performing the subtraction to ensure no underflow can occur.
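
One way to write the validation check recommended above, as an added example that is not QuantAMM's code. The library name, the custom error, the function name and the local mulUp stand-in are hypothetical; only weight, multiplierScaled18 and timeSinceLastUpdate come from the finding, and the sign preconditions are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration, not project code. Only weight, multiplierScaled18 and
// timeSinceLastUpdate are names taken from the finding; the rest is hypothetical.
library GuardedWeightExample {
    uint256 private constant ONE = 1e18;

    // Hypothetical custom error carrying both operands for diagnosis.
    error WeightDecreaseExceedsWeight(uint256 weight, uint256 decrease);

    // Local stand-in for FixedPoint.mulUp: 18-decimal multiply, rounded up.
    function mulUp(uint256 a, uint256 b) private pure returns (uint256) {
        uint256 product = a * b;
        return product == 0 ? 0 : (product - 1) / ONE + 1;
    }

    // Guarded form of the negative-multiplier subtraction quoted above.
    // Assumption: callers reach this branch with weight >= 0 and
    // multiplierScaled18 < 0; both are enforced here before any cast.
    function decreasedWeight(
        int256 weight,
        int256 multiplierScaled18,
        uint256 timeSinceLastUpdate
    ) internal pure returns (uint256) {
        require(weight >= 0, "negative weight");
        require(multiplierScaled18 < 0, "multiplier not negative");

        uint256 current = uint256(weight);
        uint256 decrease = mulUp(uint256(-multiplierScaled18), timeSinceLastUpdate);

        // Explicit check: fail with a descriptive error instead of relying on
        // the checked-arithmetic revert of Solidity >=0.8.0.
        if (decrease > current) {
            revert WeightDecreaseExceedsWeight(current, decrease);
        }
        return current - decrease;
    }
}
```

Whether to revert or to clamp the result when the decrease exceeds the weight is a design choice the finding does not specify; this sketch reverts.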

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
