c4-bot-7 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-03-phala-network/blob/main/phala-blockchain/crates/pink/runtime/src/contract.rs#L77-L84

Vulnerability details

The mask_deposit function is responsible for masking the lowest bits of a deposit value based on certain conditions. However, there is a potential for integer overflow when calculating the min_masked_value variable.

let min_masked_value = deposit_per_byte
        .saturating_mul(MIN_MASKED_BYTES)
        .saturating_sub(1);

If the product of deposit_per_byte and MIN_MASKED_BYTES exceeds the maximum value that can be represented by u128, an integer overflow will occur, leading to unexpected behavior or security vulnerabilities.

Impact

If an integer overflow occurs in the mask_deposit function, it could lead to incorrect masking of deposit values, potentially bypassing intended security measures or causing unintended behavior in contract execution.

Proof of Concept

N/A

Tools Used

Manual Review

Recommended Mitigation Steps

Bounds Checking: Implement bounds checking to ensure that the product of deposit_per_byte and MIN_MASKED_BYTES does not exceed the maximum value representable by u128. Safe Arithmetic Operations: Use safe arithmetic operations or appropriate checks to prevent integer overflow when performing calculations involving potentially large numbers.

Assessed type

Under/Overflow

c4-pre-sort commented 6 months ago

141345 marked the issue as duplicate of #86

c4-judge commented 6 months ago

OpenCoreCH marked the issue as unsatisfactory: Invalid

code-423n4 / 2024-03-phala-network-findings

Potential Integer Overflow in Deposit Masking #89