code-423n4 / 2023-01-reserve-findings


SWC-101 Integer Overflow and Underflow #20

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/reserve-protocol/protocol/blob/df7ecadc2bae74244ace5e8b39e94bc992903158/contracts/libraries/Fixed.sol#L104

Vulnerability details

Impact

An overflow/underflow happens when an arithmetic operation reaches the maximum or minimum size of a type. For instance, if a number is stored in the uint8 type, it means that the number is stored in an 8-bit unsigned number ranging from 0 to 2^8-1. In computer programming, an integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits – either larger than the maximum or lower than the minimum representable value.

Proof of Concept

URL

https://github.com/reserve-protocol/protocol/blob/df7ecadc2bae74244ace5e8b39e94bc992903158/contracts/libraries/Fixed.sol#L104

Case

Check for -= or += or *= or /=

Description

An overflow/underflow happens when an arithmetic operation reaches the maximum or minimum size of a type. For instance, if a number is stored in the uint8 type, it means that the number is stored in an 8-bit unsigned number ranging from 0 to 2^8-1. In computer programming, an integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits – either larger than the maximum or lower than the minimum representable value.

PoC

shiftLeft += 18;

Tools Used

Remix IDE

Recommended Mitigation Steps

// import safemath.sol and use it to create custom function to apply instead.
shiftLeft = add(shiftLeft, 18);
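
Added example, not part of the original report or of the Reserve code base: the statement from the PoC and the custom `add` from the mitigation, side by side with the compiler's own checked and unchecked behaviour. The contract and function names are hypothetical, and the `uint8` type (taken from the report's illustration) and the 0.8+ compiler are assumptions, since the page states neither the real type of `shiftLeft` nor the compiler version.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumption: 0.8+ compiler, not stated on the page

// Hypothetical demo contract; uint8 is assumed from the report's illustration.
contract ShiftDemo {
    // Since Solidity 0.8.0, += is checked by default: if the result does not
    // fit in uint8 the call reverts with Panic(0x11) instead of wrapping.
    function checkedAdd(uint8 shiftLeft) external pure returns (uint8) {
        shiftLeft += 18;
        return shiftLeft;
    }

    // Inside an unchecked block the same statement wraps modulo 2**8,
    // which is the overflow behaviour the report describes.
    function wrappingAdd(uint8 shiftLeft) external pure returns (uint8) {
        unchecked {
            shiftLeft += 18;
        }
        return shiftLeft;
    }

    // SafeMath-style custom add, as in the recommended mitigation:
    // compute with wrapping, then reject a result smaller than an operand.
    function add(uint8 a, uint8 b) internal pure returns (uint8 c) {
        unchecked {
            c = a + b;
        }
        require(c >= a, "add: overflow");
    }

    // The mitigation line from the report, applied through the custom add.
    function safeAdd(uint8 shiftLeft) external pure returns (uint8) {
        shiftLeft = add(shiftLeft, 18);
        return shiftLeft;
    }
}
```

When triaging a finding like this one, the first things to check are the `pragma` of the file and whether the flagged statement sits inside an `unchecked` block.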

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Insufficient quality