Handle
0xRajeev
Vulnerability details
Impact
While all other contracts use Solidity compiler version 0.8.6, UniswapV3Helper uses version 0.7.5 because, as noted in the documentation, “it's not easy to port to 0.8.” This means, however, that the contracts and functions in this file do not get the automatic arithmetic checks that the other files do.
While no obvious overflows or underflows were observed, it is safer to use SafeMath for arithmetic operations in this file.
Proof of Concept
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/UniswapV3Helper.sol#L3
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/UniswapV3Helper.sol#L157-L160
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/UniswapV3Helper.sol#L187-L194
Tools Used
Manual Analysis
Recommended Mitigation Steps
Use SafeMath