code-423n4 / 2024-02-ai-arena-findings


Potential Overflow in RankedBattle #576

Closed c4-bot-7 closed 8 months ago

c4-bot-7 commented 9 months ago

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/RankedBattle.sol#L218

Vulnerability details

Impact

The value of newDistribution * 10**18 exceeding uint256 can result in overflow.

Proof of Concept

Consider the sample code below:

    // SPDX-License-Identifier: MIT
    pragma solidity ^0.8.0;

    contract OverflowExample {
        uint256 public result;

        function multiplyBy10Pow18(uint256 inputValue) external {
            result = inputValue * 10**18;
        }
    }

Using Hardhat to interact with this contract, a script is written and named oflow-script.js:

    // scripts/oflow-script.js
    async function main() {
        const OverflowExample = await ethers.getContractFactory("OverflowExample");
        const contract = await OverflowExample.deploy();
        await contract.deployed();

        const largeValue = ethers.constants.MaxUint256; // A large value that would cause overflow

        console.log("Calling multiplyBy10Pow18 with a large value...");
        await contract.multiplyBy10Pow18(largeValue);
        console.log("Result:", (await contract.result()).toString());
    }

    main();

A new Hardhat project is created and filled with the Solidity code example above (same goes for oflow-script.js). Then npx hardhat run scripts/oflow-script.js is run.

Tools Used

VS Code

Recommended Mitigation Steps

The importation of SafeMath from the OpenZeppelin libraries can remediate the issue. It should be noted that FixedPointMathLib doesn't solve this issue explicitly, as there's no fixed multiplication function in the library contract (or else line 220 would have been written as "rankedNrnDistribution[roundId] = newDistribution.fixedMul(10**18)", where fixedMul represented the fixed multiplication function).

Assessed type

Under/Overflow

raymondfam commented 8 months ago

solidity ^0.8.0 already has safemath included.
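
The behaviour this comment refers to, shown as an added example that is not part of the original thread or the AI Arena code base: under `pragma solidity ^0.8.0` the PoC's multiplication is compiled with an overflow check and reverts with `Panic(0x11)` instead of wrapping. `CheckedMulDemo`, `MAX_SAFE_INPUT`, `multiplyUnchecked` and `probe` are hypothetical names introduced here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration; all names other than multiplyBy10Pow18 are hypothetical.
contract CheckedMulDemo {
    uint256 public result;

    // Largest input for which inputValue * 10**18 still fits in uint256.
    // Any larger input makes the checked multiplication below revert.
    uint256 public constant MAX_SAFE_INPUT = type(uint256).max / 10**18;

    // Same arithmetic as the report's PoC. With a 0.8.x compiler the
    // multiplication is checked: an out-of-range product reverts with
    // Panic(0x11) and `result` is never written.
    function multiplyBy10Pow18(uint256 inputValue) external {
        result = inputValue * 10**18;
    }

    // Pre-0.8 semantics, which now have to be requested explicitly:
    // the product wraps modulo 2**256 instead of reverting.
    function multiplyUnchecked(uint256 inputValue) external pure returns (uint256) {
        unchecked {
            return inputValue * 10**18;
        }
    }

    // Calls the checked function through a low-level call and reports
    // whether it reverted with the arithmetic overflow panic code.
    function probe(uint256 inputValue) external returns (bool overflowed) {
        (bool ok, bytes memory data) = address(this).call(
            abi.encodeWithSelector(this.multiplyBy10Pow18.selector, inputValue)
        );
        // Revert data for a panic is abi.encodeWithSignature("Panic(uint256)", code).
        bytes memory overflowPanic = abi.encodeWithSignature("Panic(uint256)", uint256(0x11));
        overflowed = !ok && keccak256(data) == keccak256(overflowPanic);
    }
}
```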

c4-pre-sort commented 8 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 8 months ago

raymondfam marked the issue as primary issue

c4-judge commented 8 months ago

HickupHH3 marked the issue as unsatisfactory: Insufficient proof