code423n4 commented 2 years ago

Handle

Dravee

Vulnerability details

Impact

Increased gas cost due to unnecessary automatic underflow checks.

Solidity version 0.8+ comes with implicit overflow and underflow checks on unsigned integers.

When an overflow or an underflow isn't possible (as an example, when a comparison is made before the arithmetic operation, or the operation doesn't depend on user input), some gas can be saved by using an unchecked block.

https://docs.soliditylang.org/en/v0.8.10/control-structures.html#checked-or-unchecked-arithmetic

Proof of Concept

In ConvexStakingWrapper.sol:removeVault(), the for-loop wouldn't iterate if vaultsLength == 0:

File: ConvexYieldWrapper.sol
80:             for (uint256 i = 0; i < vaultsLength; i++) {
81:                 if (vaults_[i] == vaultId) {
82:                     bool isLast = i == vaultsLength - 1; //@audit-info can't underflow
83:                     if (!isLast) {
84:                         vaults_[i] = vaults_[vaultsLength - 1]; //@audit-info can't underflow
85:                     }
86:                     vaults_.pop();
87:                     found = true;
88:                     emit VaultRemoved(account, vaultId);
89:                     break;
90:                 }
91:             }

Therefore, lines 82 and 84 can't underflow. They should be inside an unchecked block.

Tools Used

VS Code

Recommended Mitigation Steps

Uncheck arithmetic operations when the risk of underflow or overflow is already contained by wrapping them in an unchecked block

devtooligan commented 2 years ago

This is very similar to #62 and #64

alcueca commented 2 years ago

Up to the judge to group them

GalloDaSballo commented 2 years ago

Leaving https://github.com/code-423n4/2022-01-yield-findings/issues/67 valid but marking the rest as invalid as they are duplicates by the same warden

code-423n4 / 2022-01-yield-findings