search

code-423n4 / 2024-03-revert-lend-findings

9 stars 8 forks source link

Underflow could happened when calculating Uniswap V3 position's fee growth and can cause operations to revert #480

Closed c4-bot-9 closed 6 months ago

c4-bot-9 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Oracle.sol#L472

Vulnerability details

Impact

Detailed description of the impact of this finding.

When operations need to calculate Uniswap V3 position's fee growth, it used similar function implemented by uniswap v3. However, according to this known issue : https://github.com/Uniswap/v3-core/issues/573. The contract is implicitly relies on underflow/overflow when calculating the fee growth, if underflow is prevented, some operations that rely on fee growth will revert.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

It can be observed that current implementation of getFeeGrowthInside not allow underflow/overflow to happen when calculating feeGrowthInside0X128 and feeGrowthInside1X128, because the contract used solidity >=0.8.0.

https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Oracle.sol#L472

This could impact crucial operations that rely on this call, such as liquidation, and could revert unexpectedly. This behavior is quite often, especially for pools that use lower fees.

Tools Used

Use unchecked when calculating feeGrowthInside0X128 and feeGrowthInside1X128.

Recommended Mitigation Steps

Assessed type

Context

c4-pre-sort commented 6 months ago

0xEVom marked the issue as insufficient quality report

0xEVom commented 6 months ago

Link points to an unchecked block

c4-judge commented 6 months ago

jhsagd76 marked the issue as unsatisfactory: Invalid