Closed c4-bot-3 closed 6 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #22
Similar to #22.
hansfriese changed the severity to QA (Quality Assurance)
hansfriese marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/PrimaryLiquidationFacet.sol#L229
Vulnerability details
Impact
There is an issue within the `min88` function. The problem lies within the conditional statement `a < b`. Since `a` is of type `uint256` and `b` is of type `uint88`, the comparison between them will always be false due to the different integer ranges.
In Solidity, when performing operations between different integer types, the smaller type is implicitly converted to the larger type before the operation is performed. In this case, `b` (of type `uint88`) will be converted to a `uint256` before being compared with `a`. However, the maximum value of `uint88` (2^88 - 1) is still smaller than the minimum value of `uint256` (0), resulting in the comparison `a < b` being always false.
Proof of Concept
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/PrimaryLiquidationFacet.sol#L229
Tools Used
Manual
Recommended Mitigation Steps
Cast `a` to `uint88` before the comparison, like this:
By casting `a` to `uint88` before the comparison, you ensure that both operands are of the same type, and the comparison will work correctly.
Alternatively, you could also compare `a` with the maximum value of `uint88` before returning the minimum value:
In this version, if `a` is greater than the maximum value of `uint88`, it returns `b`. Otherwise, it returns `a` cast to `uint88`.
Assessed type
Other
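Added example, not part of the submitted report or the DittoETH code base: a standalone Solidity contract showing how a `uint256`/`uint88` comparison is evaluated, and what a cast-before-compare minimum and a range-check-first minimum return for an input above 2^88 - 1. The contract name, function names and test values are hypothetical and constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. Names are hypothetical; this is not DittoETH code.
contract Min88Demo {
    // Mixed-width comparison: b is implicitly widened to uint256, so the
    // comparison runs on full 256-bit values and can be true or false.
    // The narrowing cast is only reached when a < b, so a fits in 88 bits.
    function minWidened(uint256 a, uint88 b) public pure returns (uint88) {
        return a < b ? uint88(a) : b;
    }

    // Cast before comparing: uint88(a) keeps only the low 88 bits.
    // Explicit narrowing conversions are not overflow-checked in 0.8.x,
    // so a large a can silently become a small value.
    function minCastFirst(uint256 a, uint88 b) public pure returns (uint88) {
        uint88 truncated = uint88(a);
        return truncated < b ? truncated : b;
    }

    // Range check first (one reading of the second suggestion above):
    // anything above the uint88 range cannot be the minimum, so return b.
    function minBounded(uint256 a, uint88 b) public pure returns (uint88) {
        if (a > type(uint88).max) return b;
        uint88 narrowed = uint88(a); // safe: a <= type(uint88).max here
        return narrowed < b ? narrowed : b;
    }

    // Constructed test values: big has bit 88 set and low 88 bits equal to 5.
    function check() public pure returns (bool) {
        uint88 b = 100;
        uint256 big = (uint256(1) << 88) + 5;
        return minWidened(7, b) == 7       // comparison is true for a < b
            && minWidened(big, b) == 100   // and false for a >= b
            && minCastFirst(big, b) == 5   // truncation changes the result
            && minBounded(big, b) == 100;  // range check avoids truncation
    }
}
```

`check()` returns `true` when compiled with a 0.8.x compiler; the `minCastFirst` case is the one to watch for when reviewing narrowing casts.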