SSSwap

First Flight #41

Beginner FriendlyRust

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Precision Loss in Large Value Calculations

evmninja

Root + Impact

Description

The codebase includes multiple conversions from u128 to u64 without adequate checks, potentially causing precision loss for large token amounts and affecting users with significant liquidity positions.

Mechanism: The code performs arithmetic operations using u128 to avoid overflow but then casts results back to u64 without verifying that no precision is lost.

Root Cause: Direct casting from u128 to u64 without checking if the value exceeds u64::MAX:

let amount_a_to_return_u128 = (lpt_to_redeem as u128)

.checked_mul(reserve_a as u128)

.ok_or(AmmError::Overflow)?

.checked_div(total_lp_supply as u128)

.ok_or(AmmError::DivisionByZero)?;

let amount_a_to_return = amount_a_to_return_u128 as u64; // Unsafe cast

Attack Vector: Not directly exploitable, but could affect high-value users by truncating their token amounts if calculations exceed u64::MAX.
Similar patterns appear in multiple locations, including lines 328-332 and in the liquidity_calculation function.

Risk

Likelihood:

Likelihood Assessment:

Attack Complexity: High - Requires extremely large token amounts
Prerequisites: Very large liquidity positions or token supplies

Impact:

Impact Assessment:

Integrity: Low - Could affect calculation accuracy in extreme cases
Financial: Low - Potential loss of funds only in edge cases with very large values

Proof of Concept

N/A

Recommended Mitigation

Add overflow checks before casting from u128 to u64:

let amount_a_to_return_u128 = (lpt_to_redeem as u128)

.checked_mul(reserve_a as u128)

.ok_or(AmmError::Overflow)?

.checked_div(total_lp_supply as u128)

.ok_or(AmmError::DivisionByZero)?;

// Check that the u128 value fits in a u64

require!(

amount_a_to_return_u128 <= u64::MAX as u128,

AmmError::Overflow

);

let amount_a_to_return = amount_a_to_return_u128 as u64;

Apply similar checks to all locations where u128 is cast to u64.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 5 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Unsafe Casting

Rewards breakdown

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.