The implementation of PerpDepository._abs is not correct and it reverts in an edge case.
Vulnerability Detail
The implementation is as follows.
function _abs(int256 value) private pure returns (uint256) {
return value >= 0 ? uint256(value) : uint256(-1 * value);
}
When value is the minimum value of int256, i.e. value = -2^255, -1 * value is 2^255 and it is not in the valid range of int255, so this function will revert.
Impact
The _abs function is used multiple times in PerpDepository.sol, but it is very unlikely to meet this edge case. Anyway it can be met and it can cause other risks in the future so I raise this issue.
hansfriese
medium
PerpDepository._abs
reverts in an edge caseSummary
The implementation of
PerpDepository._abs
is not correct and it reverts in an edge case.Vulnerability Detail
The implementation is as follows.
When value is the minimum value of int256, i.e. value = -2^255, -1 * value is 2^255 and it is not in the valid range of int255, so this function will revert.
Impact
The
_abs
function is used multiple times in PerpDepository.sol, but it is very unlikely to meet this edge case. Anyway it can be met and it can cause other risks in the future so I raise this issue.Code Snippet
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L821-L823
Tool used
Manual Review
Recommendation
Use
uint256(value)
instead ofuint256(-1 * value)
in the edge case.