Incorrect Exponentiation

[c4-bot-2]

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/libraries/Math.sol#L414

Vulnerability details

Impact

The vulnerability identified in the Math.mulDiv function within the Solidity contracts and libraries involves the use of the bitwise-xor operator (^) instead of the exponentiation operator (**). This error is present in the location: (contracts/libraries/Math.sol#341-434). The incorrect use of the bitwise-xor operator for exponentiation can lead to unexpected behavior and incorrect calculations, especially in financial and mathematical operations where precision is crucial.

Proof of Concept

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/libraries/Math.sol#L414

To demonstrate the impact of this vulnerability, consider the following example:

// Custom contract
function incorrectExponentiation() public pure returns (uint256) {
    uint256 denominator = 2;
    uint256 inv = (3 * denominator) ^ 2; // Incorrect use of ^ instead of **
    return inv;
}

// OpenZeppelin contract
function incorrectExponentiationOpenZeppelin() public pure returns (uint256) {
    uint256 denominator = 2;
    uint256 inverse = (3 * denominator) ^ 2; // Incorrect use of ^ instead of **
    return inverse;
}

In both functions, the intention is to calculate the square of (3 * denominator). However, due to the use of the bitwise-xor operator (^), the result will not be the square of the intended value but rather the result of a bitwise XOR operation, which is not the intended mathematical operation.

Tools Used

Slither was used to identify this vulnerability.

Recommended Mitigation Steps

To mitigate this vulnerability, the bitwise-xor operator (^) should be replaced with the exponentiation operator (**) in the instance.

Assessed type

Math

[c4-judge]

Picodes marked the issue as unsatisfactory: Invalid