Duplicate Function Names with Different Behaviors in Market.sol
Summary
The Market library contains two functions named updateTotalDelegatedCredit with different input types and behaviors, which could lead to confusion and potential misuse.
Vulnerability Details
// First implementation - handles unsigned
function updateTotalDelegatedCredit(Data storage self, UD60x18 creditDeltaUsdX18) internal {
self.totalDelegatedCreditUsd = ud60x18(self.totalDelegatedCreditUsd).add(creditDeltaUsdX18).intoUint128();
}
// Second implementation - handles signed
function updateTotalDelegatedCredit(Data storage self, SD59x18 creditDeltaUsdX18) internal {
self.totalDelegatedCreditUsd = ud60x18(self.totalDelegatedCreditUsd).intoSD59x18().add(creditDeltaUsdX18).intoUD60x18().intoUint128();
}
Impact
Could lead to incorrect credit updates if wrong overload is used
Maintenance confusion and increased chance of errors in future updates
Potential unexpected behavior due to different type conversions
Tools Used
Manual code review
Recommendations
Rename functions to clearly indicate their purpose:
function updateTotalDelegatedCreditUnsigned(Data storage self, UD60x18 creditDeltaUsdX18) internal {
self.totalDelegatedCreditUsd = ud60x18(self.totalDelegatedCreditUsd).add(creditDeltaUsdX18).intoUint128();
}
function updateTotalDelegatedCreditSigned(Data storage self, SD59x18 creditDeltaUsdX18) internal {
self.totalDelegatedCreditUsd = ud60x18(self.totalDelegatedCreditUsd).intoSD59x18().add(creditDeltaUsdX18).intoUD60x18().intoUint128();
}
Or consolidate into a single function with proper validation:
function updateTotalDelegatedCredit(Data storage self, SD59x18 creditDeltaUsdX18) internal {
self.totalDelegatedCreditUsd = ud60x18(self.totalDelegatedCreditUsd)
.intoSD59x18()
.add(creditDeltaUsdX18)
.intoUD60x18()
.intoUint128();
}
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.