Open Interest Underflow Vulnerability
Summary
A critical integer underflow vulnerability exists in the sumReturnUint256 function when handling negative open interest adjustments. This allows malicious actors to manipulate collateral requirements and trigger unintended liquidations.
Vulnerability Details
Affected Code
Technical Analysis
-
When
bis negative anduint256(-b) > a, subtraction underflows -
Returns extremely large value (2^256 - difference)
-
Affects
getMinCollateralFactorForOpenInterestcalculation:SOLIDITYopenInterest = sumReturnUint256(openInterest, openInterestDelta);
Attack Scenario
Market with 100 ETH open interest
Attacker submits -150 ETH delta
sumReturnUint256(100, -150)→ 2^256 - 50Min collateral factor becomes astronomically high
All positions appear undercollateralized
Impact
Protocol risk calculations become unreliable
Potential complete depletion of collateral pools
Tools Used
Manual review
Lead Judging Commences
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.