Closed code423n4 closed 1 year ago
Great find! For anyone interested, I can recommend reading https://docs.soliditylang.org/en/v0.8.17/types.html#addition-subtraction-and-multiplication
Leaving it open for sponsor review, but due to the low likelihood of becoming a real issue, I'm inclined to downgrade to QA (Low).
Okay this is only a problem when y == -2**256? because taking the negative of this number reverts?
kyscott18 requested judge review
Okay this is only a problem when y == -2**256? because taking the negative of this number reverts?
It reverts if y equals -2*255 due to Solidity using the two’s complement representation internally.
berndartmueller changed the severity to QA (Quality Assurance)
berndartmueller marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/libraries/PositionMath.sol#L12-L18
Vulnerability details
Impact
For Solidity version >= 0.8, PositionMath.addDelta reverts in an edge case while it can return a valid value.
Proof of Concept
PositionMath.addDelta reverts when y is the minimum value of int256. When y = -2*255, it reverts when it calculates -y. But it can return a valid result for x >= -y so this can be a problem. Although this is a very rare case, and practically it is not possible to reach this value in position math. But it's a bug so I raise this issue.
Tools Used
Manual Review
Recommended Mitigation Steps
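The following is an added example. It is not part of the warden's report and is not the code of PositionMath.sol. It sketches the edge case discussed in this thread, assuming addDelta negates y in its negative branch as the report describes, next to a form that never evaluates -y. The library, contract and function names are hypothetical; type(int256).min is -2**255.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Added illustration with hypothetical names; not the code of PositionMath.sol.
library AddDeltaExample {
    /// Shape assumed from the report: the negative branch evaluates -y.
    function addDeltaNegating(uint256 x, int256 y) internal pure returns (uint256 z) {
        if (y < 0) {
            // Checked int256 negation: panics (0x11) for type(int256).min,
            // because +2**255 is not representable in int256.
            z = x - uint256(-y);
        } else {
            z = x + uint256(y);
        }
    }

    /// Same result for every other input, but never negates type(int256).min.
    function addDeltaNoNegate(uint256 x, int256 y) internal pure returns (uint256 z) {
        if (y < 0) {
            // y + 1 lies in [type(int256).min + 1, 0], so its negation always fits.
            uint256 magnitude = uint256(-(y + 1)) + 1; // |y|, at most 2**255
            z = x - magnitude; // checked: reverts only on real underflow (x < |y|)
        } else {
            z = x + uint256(y); // checked: reverts only on real overflow
        }
    }
}

contract AddDeltaCheck {
    function negating(uint256 x, int256 y) external pure returns (uint256) {
        return AddDeltaExample.addDeltaNegating(x, y);
    }

    function noNegate(uint256 x, int256 y) external pure returns (uint256) {
        return AddDeltaExample.addDeltaNoNegate(x, y);
    }

    /// Expected: negatingReverts == true and safeResult == 0.
    function edgeCase() external view returns (bool negatingReverts, uint256 safeResult) {
        uint256 x = uint256(1) << 255; // x == |type(int256).min|, so x + y == 0
        try this.negating(x, type(int256).min) returns (uint256) {
            negatingReverts = false;
        } catch {
            negatingReverts = true; // the negation panicked before the subtraction
        }
        safeResult = this.noNegate(x, type(int256).min); // 2**255 - 2**255
    }
}
```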