search

code-423n4 / 2023-01-drips-findings

0 stars 2 forks source link

Downcasting overflow  #90

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-drips/blob/main/src/Drips.sol#L1129

Vulnerability details

Impact

The protocol uses potentially dangerous downcasting to uint32 for retrieving time when need it. Downcasting the block timestamp to uint32 will cause an overflow and protocol misbehavior from the 07 February 2106.

Proof of Concept

In Drips.sol contract L1129

function _currTimestamp() private view returns (uint32 timestamp) {
    return uint32(block.timestamp);
}

Example in Drips.sol for getting the current cycle start timestamp L1135

function _currCycleStart() private view returns (uint32 timestamp) {
    uint32 currTimestamp = _currTimestamp();
    // slither-disable-next-line weak-prng
   return currTimestamp - (currTimestamp % _cycleSecs);
}

Tools Used

Reading the code

Recommended Mitigation Steps

Although the likelihood of this issue is low the potential threat would appear decades in future. I recommand to use bigger data type (eg. using uint40 seems to be way enougth)

GalloDaSballo commented 1 year ago

Downgrading to QA Low

c4-judge commented 1 year ago

GalloDaSballo changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-c