DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Code Improvement Report - MarketUtils.sol (Underflow Condition)

Summary

Inside MarketUtils.sol, there is a function sumReturnUint256:

    function sumReturnUint256(uint256 a, int256 b) internal pure returns (uint256) {
        if (b > 0) {
            return a + uint256(b);
        }
        // b <= 0: subtract the magnitude of b from a
        return a - uint256(-b);
    }

When b < 0 and the absolute value of b is greater than a, an underflow condition may occur.

Vulnerability Details

This function does not properly handle cases where b is negative and exceeds a, leading to an underflow error. This can result in unintended behavior and incorrect calculations.

Impact

  • Incorrect Computations: Arithmetic underflow may lead to improper calculations, causing inaccurate results in functions relying on this logic.

  • Potential Security Risks: If this function is used in sensitive financial calculations, an underflow could lead to unexpected contract behavior.

Tools Used

  • Manual Code Review

  • Solidity Static Analysis Tools

Recommendations

Solution: Implement Safe Math Operations

Refactor sumReturnUint256 to include checks preventing underflow conditions.

Updated Code

    function sumReturnUint256(uint256 a, int256 b) internal pure returns (uint256) {
        if (b > 0) {
            return a + uint256(b);
        }
        // b <= 0: require that a covers the magnitude of b before subtracting
        require(a >= uint256(-b), "Underflow detected");
        return a - uint256(-b);
    }

This ensures that a is large enough to handle the subtraction, preventing underflow errors.
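A Python model of the two versions of sumReturnUint256 shown above, added here as an illustration; it is not part of the submission or of the project's code. It assumes two arithmetic modes, because the page does not state the compiler version: "checked" models Solidity 0.8+ default arithmetic, which reverts with Panic(0x11) on overflow or underflow, and "wrapping" models unchecked or pre-0.8 arithmetic. The helper names are hypothetical.

```python
# Added illustration: models sumReturnUint256 (original and patched) in Python.
# Assumption: checked=True  -> Solidity >= 0.8 default arithmetic (reverts),
#             checked=False -> unchecked / pre-0.8 arithmetic (mod 2**256).
U256 = 2**256
INT256_MIN = -(2**255)

class Revert(Exception):
    """Models an EVM revert; args[0] carries the reason."""

def _neg_int256(b, checked):
    # Unary minus on int256 overflows only for INT256_MIN.
    if b == INT256_MIN:
        if checked:
            raise Revert("Panic(0x11)")
        return INT256_MIN  # two's complement wrap: -MIN == MIN
    return -b

def _add(a, b, checked):
    r = a + b
    if checked and r >= U256:
        raise Revert("Panic(0x11)")
    return r % U256

def _sub(a, b, checked):
    if checked and a < b:
        raise Revert("Panic(0x11)")
    return (a - b) % U256

def sum_return_uint256(a, b, checked=True, patched=False):
    if b > 0:
        return _add(a, b % U256, checked)
    mag = _neg_int256(b, checked) % U256  # uint256(-b): bit reinterpretation
    if patched and a < mag:               # the require() from the updated code
        raise Revert("Underflow detected")
    return _sub(a, mag, checked)

def outcome(a, b, **kw):
    try:
        return sum_return_uint256(a, b, **kw)
    except Revert as e:
        return f"revert: {e.args[0]}"
```

With a = 5 and b = -10, the checked model reverts in both versions (only the reason differs), while the wrapping model returns 2**256 - 5 for the original and reverts for the updated code. With b equal to the minimum int256, the negation itself reverts in checked mode before the require is reached.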

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
