GalloDaSballo
commented
2 years ago I've run the math on this in another contest.
-
blockTimestamp - blockTimestampLastthis cannot reasonably underflow as currentTime >= lastBlock by definition -
reserve0Cumulative += _reserve0 * timeElapsed;
It would require Billion of Years, trading Quadrillion of ETH in volume each day to reach the requirement for overflow.
Because of that, I'm downgrading to QA
Lines of code
https://github.com/Plex-Engineer/stableswap/blob/489d010eb99a0885139b2d5ed5a2d826838cc5f9/contracts/BaseV1-core.sol#L256 https://github.com/Plex-Engineer/stableswap/blob/489d010eb99a0885139b2d5ed5a2d826838cc5f9/contracts/BaseV1-core.sol#L192
Vulnerability details
Impact
Overflow is desired in the original version of UniswapV2 and it’s broken because of using Solidity version >0.8, which will impact and breakdown functionally of the
BaseV1Pairand further breaks other parts of the blockchain that relies on.Proof of Concept
Because of breaking changes in Solidity v0.8.0:
When overflow is desired will generate reverting problems with Solidity version > 0.8.0
BaseV1-core.solwhen callingmint(address to)fromBaseV1Paircontract will tray to update as oracle sender by calling_update()which has subtraction overflow is desired atblockTimestamp - blockTimestampLasthttps://github.com/Plex-Engineer/stableswap/blob/489d010eb99a0885139b2d5ed5a2d826838cc5f9/contracts/BaseV1-core.sol#L156-L160
currentCumulativePrices()https://github.com/Plex-Engineer/stableswap/blob/489d010eb99a0885139b2d5ed5a2d826838cc5f9/contracts/BaseV1-core.sol#L181
Recommended Mitigation Steps
using
unchecked {}code block