In the BeaconProofsLib contract, there's a potential for precision loss when converting the effective balance from gwei to wei, particularly for large balance values.
Current Implementation:

    function getEffectiveBalanceWei(bytes32[] memory validatorFields) internal pure returns (uint256) {
        return uint256(fromLittleEndianUint64(validatorFields[BALANCE_IDX])) * 1 gwei;
    }

Issue
While this conversion is generally accurate, it may lead to precision loss for very large balance values due to the limitations of uint64 when converted to wei (which requires higher precision).
Impact
Slight inaccuracies in reported validator balances
Possible under- or over-estimation of total stake
Potential discrepancies in calculations relying on precise balance values
Suggested Solution
Consider using a higher precision type (like uint256) throughout the balance calculation process.
Implement a safe multiplication function to handle the gwei to wei conversion, ensuring no overflow occurs.
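The conversion and the suggested overflow check can be modelled outside the contract to see which input ranges stay within bounds. The following is an added example, not code from the report or from the Karak repository. It assumes Solidity 0.8+ checked arithmetic and that the balance occupies the first 8 bytes of the 32-byte field in little-endian order; make_field, checked_mul and the "narrow" variant are hypothetical helpers introduced for illustration.

```python
# Added example: a Python model of the gwei-to-wei conversion, not contract code.
UINT64_MAX = 2**64 - 1
UINT256_MAX = 2**256 - 1
WEI_PER_GWEI = 10**9  # value of Solidity's `1 gwei`


def from_little_endian_uint64(field: bytes) -> int:
    """Decode the first 8 bytes of a 32-byte field as a little-endian uint64.

    Assumption: this is the layout fromLittleEndianUint64 reads on the page.
    """
    if len(field) != 32:
        raise ValueError("validator field must be 32 bytes")
    return int.from_bytes(field[:8], "little")


def checked_mul(a: int, b: int, type_max: int) -> int:
    """Multiply with an explicit bound, as checked arithmetic in a fixed-width type."""
    product = a * b
    if product > type_max:
        raise OverflowError("checked multiplication overflowed")
    return product


def effective_balance_wei(field: bytes) -> int:
    """Widen to uint256 first, then multiply (the order used on the page)."""
    return checked_mul(from_little_endian_uint64(field), WEI_PER_GWEI, UINT256_MAX)


def effective_balance_wei_narrow(field: bytes) -> int:
    """Hypothetical variant: multiply in uint64 before widening."""
    return checked_mul(from_little_endian_uint64(field), WEI_PER_GWEI, UINT64_MAX)


def make_field(gwei: int) -> bytes:
    """Build a constructed 32-byte field holding gwei as a little-endian uint64."""
    return gwei.to_bytes(8, "little") + bytes(24)


# Largest gwei value whose wei equivalent still fits in a uint64.
NARROW_LIMIT_GWEI = UINT64_MAX // WEI_PER_GWEI

if __name__ == "__main__":
    # Constructed inputs: 32 ETH, the uint64 multiplication limit, and uint64 max.
    for gwei in (32 * 10**9, NARROW_LIMIT_GWEI, UINT64_MAX):
        wei = effective_balance_wei(make_field(gwei))
        print(gwei, wei, wei // WEI_PER_GWEI == gwei)
```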
Lines of code
https://github.com/code-423n4/2024-07-karak/blob/main/src/entities/BeaconProofsLib.sol#L137
Proposed Code Change:
Poc
Assessed type
Math