Closed c4-bot-3 closed 3 months ago
141345 marked the issue as primary issue
141345 marked the issue as sufficient quality report
seems invalid
only mask_low_bits64() and mask_low_bits128() are in use, and min_masked_value
won't overflow in these 2 functions
seems invalid only mask_low_bits64() and mask_low_bits128() are in use, and
min_masked_value
won't overflow in these 2 functions
correct
kvinwang (sponsor) disputed
OpenCoreCH marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/contract.rs#L75-L84 https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/contract.rs#L83
Vulnerability details
MED: Unhandled
Err
variant inmask_low_bits128
(crates/pink/runtime/src/contract.rs:56-77)Description
The
mask_low_bits128
macro is used to mask the low bits of au128
value. However, the macro does not handle the case when themin_mask_bits
is greater than 128, which could lead to unexpected behavior or runtime errors.The fact that the
mask_low_bits128
macro does not handle the case when themin_mask_bits
argument is greater than 128. The specific edge case that can lead to this vulnerability is when themin_masked_value
is very large, resulting in amin_mask_bits
value that exceeds 128.The line responsible Is: https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/contract.rs#L83
If
min_mask_bits
is greater than 128, the behavior of themask_low_bits128
macro is undefined and could lead to unexpected results or runtime errors.Under normal circumstances, the
mask_low_bits128
macro is expected to mask the low bits of the providedu128
value based on themin_mask_bits
argument. The macro should handle the case whenmin_mask_bits
is within the valid range of 0 to 128 and return the masked value accordingly.Impact
If the macro is called with a
min_mask_bits
value greater than 128, it can lead to incorrect masking of thedeposit
value in themask_deposit
function. This could result in incorrect calculations, inconsistencies in the runtime's behavior, or even runtime failures.Tools Used
Manual audit
Recommended Mitigation Steps
Modify the
mask_low_bits128
macro to properly handle the case whenmin_mask_bits
is greater than 128. Consider adding a check to ensure thatmin_mask_bits
is within the valid range (0 to 128) and return an error or use a default value if it exceeds the range.Assessed type
Error