The function convertSd59x18ToTokenAmount is responsible for converting a signed decimal (SD59x18) amount to an unsigned integer (uint256) token amount, but it lacks input validation for negative values. Since SD59x18 is a signed type, passing a negative value could result in an underflow when converting to uint256, leading to a large, incorrect token amount.
Impacted code:
I've rated this as a Medium because the lack of input validation can lead to significant financial discrepancies or system inconsistencies. While it does not directly allow unauthorized access or control, it can be exploited to manipulate token amounts.
A negative SD59x18 value is passed to the convertSd59x18ToTokenAmount function.
The function converts this negative value to uint256, resulting in a large unintended value due to underflow.
This incorrect token amount is then used in subsequent calculations or transactions, leading to financial discrepancies.
Implement input validation to check for negative values before conversion. If a negative value is detected, revert the transaction with an appropriate error message.
This update ensures only valid, non-negative values are processed.
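The failure mode and the guard described above, as an added example that is not the audited project's code. It assumes the SD59x18 value is handled as its raw 18-decimal int256 and that the token has at most 18 decimals; the library, function and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; not the audited project's code.
/// Assumption: `amountX18` is the raw int256 behind an SD59x18 value
/// (18-decimal fixed point) and `decimals` is the token's decimals.
library SignedAmountConversion {
    error NegativeAmount(int256 amountX18);
    error UnsupportedDecimals(uint8 decimals);

    /// Unguarded form: an explicit int256 -> uint256 cast is not range-checked
    /// in Solidity 0.8, so a negative input is reinterpreted as its two's
    /// complement bit pattern, e.g. -1e18 becomes 2**256 - 1e18.
    function toTokenAmountUnchecked(int256 amountX18, uint8 decimals)
        internal
        pure
        returns (uint256)
    {
        if (decimals > 18) revert UnsupportedDecimals(decimals);
        return uint256(amountX18) / 10 ** uint256(18 - decimals);
    }

    /// Guarded form: reject negative inputs before the cast, then scale the
    /// 18-decimal amount down to the token's own decimals.
    function toTokenAmount(int256 amountX18, uint8 decimals)
        internal
        pure
        returns (uint256)
    {
        if (decimals > 18) revert UnsupportedDecimals(decimals);
        if (amountX18 < 0) revert NegativeAmount(amountX18);
        return uint256(amountX18) / 10 ** uint256(18 - decimals);
    }
}
```

A unit test for the guarded form should cover zero, a positive amount, and a negative amount that is expected to revert with `NegativeAmount`.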