OrderBook

First Flight #43

Beginner FriendlySolidity

100 EXP

View all submissions

Previous Next

Submission Details

Impact: medium

Likelihood: medium

Invalid

Misuse of ^ Instead of ** for Exponentiation (Syntax Confusion → Incorrect Math Logic)

Author Revealed upon completion

Misuse of ^ Instead of ** for Exponentiation (Syntax Confusion → Incorrect Math Logic)

Description

In Solidity, the ^ operator represents bitwise XOR, not exponentiation. Developers may mistakenly assume x ^ y computes x raised to the power of y, but in Solidity exponentiation is done using **.

This is a common source of logic bugs in mathematical operations. In audited libraries such as OpenZeppelin’s Math.sol, you may encounter:

inverse = (3 * denominator) ^ 2;

This expression performs a bitwise XOR between 3 * denominator and 2, rather than squaring the value as might be assumed.

// inverse = (3 * denominator) ^ 2;

Risk

Likelihood:

This mistake is easy to make — especially by developers coming from other languages where ^ means exponentiation (like Python).
However, compilers do not warn about this — so errors often go unnoticed unless tested.

Impact:

Mathematical calculations are silently incorrect.
Financial formulas relying on accurate math may yield unexpected or unsafe results.
Downstream algorithms using incorrect intermediate values may misbehave or revert.
In financial protocols, this could result in loss of precision, mispriced orders, or protocol insolvency.

Proof of Concept

function test_exponentiationVsXor() public pure {

uint256 x = 3;

uint256 y = 2;

uint256 resultXor = x ^ y;

uint256 resultExp = x ** y;

assertTrue(resultXor != resultExp, "XOR and exponentiation are not the same");

assertEq(resultXor, 1);

assertEq(resultExp, 9);

}

Recommended Mitigation

Use ** for exponentiation in all Solidity code.

Never use ^ unless explicitly performing bitwise XOR.

Add inline comments where XOR is used intentionally

Updates

Lead Judging Commences

yeahchibyke Lead Judge 1 day ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

217

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

View preliminary results

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.