Closed code423n4 closed 2 years ago
ye0lde
resolved in https://github.com/AmbireTech/adex-protocol-eth/commit/d86f7199b39bc52cb88a3d76e2f8f06de10a07e5 and https://github.com/AmbireTech/adex-protocol-eth/commit/67a9bf713e1e21f9d6e5d19dbee1964a2db0fca4
Duplicate of #46
Handle
ye0lde
Vulnerability details
Impact
Redundant arithmetic underflow/overflow checks can be avoided when an underflow/overflow cannot happen.
Proof of Concept
The "unchecked" keyword can be applied here since there is a "require" statement before to ensure the arithmetic operations would not cause an integer underflow or overflow. https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/libs/SignatureValidatorV2.sol#L54-L58
Change the code at 57,58 to:
IERC1271Wallet wallet;
unchecked {
    wallet = IERC1271Wallet(address(uint160(uint256(sig.readBytes32(sig.length - 33)))));
    sig.trimToSize(sig.length - 33);
}
A similar change can be made here: https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/libs/SignatureValidatorV2.sol#L31-L32
Tools Used
Visual Studio Code, Remix
Recommended Mitigation Steps
Add the "unchecked" keyword as shown above.
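The following is an added example, not code from this report or from the Ambire repository. It shows the pattern the report relies on: an `unchecked` subtraction is only safe when a `require` on the same length dominates it, and it wraps silently when that guard is missing. The contract name, function names, the `TAIL` constant and the `SV_LEN` error string are hypothetical, and the guard condition is an assumption because the page does not quote the audited contract's `require`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

// Added illustration; not the Ambire SignatureValidatorV2 code.
// TAIL mirrors the "sig.length - 33" expression quoted in the report.
// The guard condition below is an assumption, not the audited require().
contract UncheckedTailDemo {
    uint256 internal constant TAIL = 33;

    // Default 0.8.x arithmetic: the compiler inserts an underflow check
    // and the call reverts with Panic(0x11) when sig.length < TAIL.
    function offsetChecked(bytes memory sig) public pure returns (uint256) {
        return sig.length - TAIL;
    }

    // Guard first, then drop the compiler's now-redundant check.
    // Safe only because the require bounds the same operand.
    function offsetGuarded(bytes memory sig) public pure returns (uint256 off) {
        require(sig.length >= TAIL, "SV_LEN");
        unchecked {
            off = sig.length - TAIL;
        }
    }

    // Same arithmetic with the guard missing: no revert, the result wraps
    // modulo 2**256 and would be used as a huge offset by later code.
    function offsetUnguarded(bytes memory sig) public pure returns (uint256 off) {
        unchecked {
            off = sig.length - TAIL;
        }
    }

    // Constructed inputs: a 65-byte and a 10-byte buffer.
    function selfTest() external pure returns (bool) {
        bytes memory longSig = new bytes(65);
        bytes memory shortSig = new bytes(10);
        require(offsetChecked(longSig) == 32);
        require(offsetGuarded(longSig) == 32);
        // 10 - 33 wraps to 2**256 - 23.
        require(offsetUnguarded(shortSig) == type(uint256).max - 22);
        return true;
    }
}
```

When reviewing a change like the one proposed here, confirm that the `require` and the `unchecked` block constrain the same value and that no code path reaches the block without passing the guard.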