Open code423n4 opened 2 years ago
WatchPug
https://github.com/code-423n4/2022-01-timeswap/blob/bf50d2a8bb93a5571f35f96bd74af54d9c92a210/Timeswap/Timeswap-V1-Convenience/contracts/libraries/SquareRoot.sol#L19-L22
    function sqrtUp(uint256 y) internal pure returns (uint256 z) {
        z = sqrt(y);
        if (z % y > 0) z++;
    }

For example, when y = 9: z % y > 0 is true, therefore z++, and z is 4.
Expected Results: sqrtUp(9) = 4
Actual Results: sqrtUp(9) = 3
Change to:
    function sqrtUp(uint256 y) internal pure returns (uint256 z) {
        z = sqrt(y);
        if (z * z < y) ++z;
    }
or
    function sqrtUp(uint256 y) internal pure returns (uint256 z) {
        z = sqrt(y);
        if (y % z != 0) ++z;
    }
https://github.com/Timeswap-Labs/Timeswap-V1-Convenience/pull/54
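Added example (not part of the report or of the Timeswap code base): a Python model of the three sqrtUp variants quoted above, each checked against an exact ceiling square root. It assumes the library's sqrt() returns the floor square root and models Solidity's revert on modulo by zero; the function names are hypothetical.

```python
from math import isqrt

class Revert(Exception):
    """Models a Solidity revert (modulo by zero)."""

def _mod(a, b):
    if b == 0:
        raise Revert("modulo by zero")
    return a % b

def sqrt_up_original(y):
    z = isqrt(y)              # assumption: sqrt() is the floor square root
    if _mod(z, y) > 0:        # condition from the reported code: z % y > 0
        z += 1
    return z

def sqrt_up_fix_a(y):
    z = isqrt(y)
    if z * z < y:             # first suggested change
        z += 1
    return z

def sqrt_up_fix_b(y):
    z = isqrt(y)
    if _mod(y, z) != 0:       # second suggested change: y % z != 0
        z += 1
    return z

def ceil_sqrt(y):
    """Reference result: the smallest z with z * z >= y."""
    z = isqrt(y)
    return z if z * z == y else z + 1

def mismatches(fn, inputs):
    """Map each y where fn differs from ceil_sqrt to fn's result ('revert' if it reverts)."""
    out = {}
    for y in inputs:
        try:
            got = fn(y)
        except Revert:
            got = "revert"
        if got != ceil_sqrt(y):
            out[y] = got
    return out

if __name__ == "__main__":
    for fn in (sqrt_up_original, sqrt_up_fix_a, sqrt_up_fix_b):
        print(fn.__name__, mismatches(fn, range(0, 17)))
```

Over y = 0..16 only the `z * z < y` variant agrees with the reference on every input. The `y % z != 0` variant under-rounds non-squares whose floor root divides y (for example 8 gives 2) and reverts at y = 0, so a differential check like this is worth running before choosing between the two.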