SSSwap

First Flight #41
Beginner Friendly, Rust
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

Integer Overflow/Underflow in Liquidity Calculations inside the `liquidity_operations.rs`

Description: While the code uses checked_* operations in many places, there are still potential overflow/underflow vulnerabilities in the liquidity calculations, particularly when converting between u128 and u64 types. The liquidity_calculation function calculates the square root of the product of token amounts, but doesn't properly check if the result exceeds u64 max value before casting.

Impact: An attacker could manipulate token amounts to cause overflows, potentially minting more LP tokens than they should receive or stealing funds from the pool.

Proof of Concept: Provide extremely large token amounts that, when multiplied and square rooted, would exceed u64 max value but appear valid when cast down from u128.

Recommended Mitigation: Add explicit checks before casting from u128 to u64 to ensure the value fits within u64 range:

```rust
fn liquidity_calculation(amount_token_a: u64, amount_token_b: u64) -> Result<u64> {
    let amount_a_u128 = amount_token_a as u128;
    let amount_b_u128 = amount_token_b as u128;
    let lp_amount_to_mint_u128 = amount_a_u128
        .checked_mul(amount_b_u128)
        .ok_or(AmmError::Overflow)?
        .sqrt();
    // Check if result exceeds u64::MAX before casting
    if lp_amount_to_mint_u128 > u64::MAX as u128 {
        return err!(AmmError::Overflow);
    }
    let lp_amount_to_mint = lp_amount_to_mint_u128 as u64; // Cast back to u64
    // Check if the result is zero (could happen with very small initial amounts)
    if lp_amount_to_mint == 0 {
        return err!(AmmError::LpAmountCalculation);
    }
    Ok(lp_amount_to_mint)
}
```
Updates

Lead Judging Commences

0xtimefliez Lead Judge 14 days ago
Submission Judgement Published
Invalidated
Reason: Too generic
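
An added example, not part of the submission or of the SSSwap code base: a stand-alone version of the checked conversion that uses `u64::try_from` instead of compare-then-`as`, run on boundary inputs so the behaviour at `u64::MAX` can be checked rather than assumed. The names `isqrt_u128`, `lp_to_mint`, `LpError` and `truncating_cast` are hypothetical, and the hand-written square root is a stand-in for the project's `.sqrt()`.

```rust
use std::convert::TryFrom;

#[derive(Debug, PartialEq)]
enum LpError { Overflow, ZeroLiquidity } // hypothetical stand-ins for AmmError

/// Floor integer square root by Newton's method (stand-in for the project's `.sqrt()`).
fn isqrt_u128(n: u128) -> u128 {
    if n < 2 {
        return n;
    }
    // Start at a power of two that is >= sqrt(n); the iteration then only decreases.
    let bits = 128 - n.leading_zeros();
    let mut x: u128 = 1u128 << ((bits + 1) / 2);
    loop {
        let y = (x + n / x) / 2;
        if y >= x {
            return x;
        }
        x = y;
    }
}

/// LP amount = floor(sqrt(a * b)), with a fallible narrowing conversion.
fn lp_to_mint(a: u64, b: u64) -> Result<u64, LpError> {
    let product = (a as u128).checked_mul(b as u128).ok_or(LpError::Overflow)?;
    // try_from returns Err instead of silently dropping the high 64 bits.
    let lp = u64::try_from(isqrt_u128(product)).map_err(|_| LpError::Overflow)?;
    if lp == 0 {
        return Err(LpError::ZeroLiquidity);
    }
    Ok(lp)
}

/// What a bare `as u64` does to a u128 that does not fit: keeps the low 64 bits.
fn truncating_cast(v: u128) -> u64 {
    v as u64
}

fn main() {
    // Constructed inputs. Largest possible pair: the root is exactly u64::MAX.
    println!("{:?}", lp_to_mint(u64::MAX, u64::MAX));
    println!("{:?}", lp_to_mint(1_000_000, 4_000_000));
    println!("{:?}", lp_to_mint(0, 5));
    // A constructed out-of-range u128, to contrast `as` with try_from.
    let too_big = (1u128 << 64) + 7;
    println!("{} vs {:?}", truncating_cast(too_big), u64::try_from(too_big).is_err());
}
```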
