BBMath.sol is vulnerable to Overflow in the function divCell . The line return (a + b - 1) / b could result in potential overflow which may arise when a is of a very large value.
Vulnerability Detail
Let's say a is the maximum value that can be stored in a uint256 variable (a = 2^256 - 1) and b is a small positive integer (b = 10).
Computing (a + b - 1) / b, we get:
(a + b - 1) / b
= (2^256 - 1 + 10 - 1) / 10
= (2^256 + 8) / 10
The calculation involves summing up a and b - 1 together. In this case, the result would be equal to 2^256 + 8, which is larger than the maximum value that can be stored in a uint256 variable. This would result in an integer overflow, which means that the result of the calculation would be incorrect and could potentially cause unexpected behavior in the contract.
OpenZepplin Math Library has solution for this by distributing the formula as (a - 1) / b + 1 which guarantees overflow never to occur.
Qeew
medium
BBMath library is vulnerable to overflow
Summary
BBMath.sol is vulnerable to Overflow in the function divCell . The line return (a + b - 1) / b could result in potential overflow which may arise when a is of a very large value.
Vulnerability Detail
Let's say a is the maximum value that can be stored in a uint256 variable (a = 2^256 - 1) and b is a small positive integer (b = 10).
Computing (a + b - 1) / b, we get:
(a + b - 1) / b = (2^256 - 1 + 10 - 1) / 10 = (2^256 + 8) / 10
The calculation involves summing up a and b - 1 together. In this case, the result would be equal to 2^256 + 8, which is larger than the maximum value that can be stored in a uint256 variable. This would result in an integer overflow, which means that the result of the calculation would be incorrect and could potentially cause unexpected behavior in the contract.
OpenZepplin Math Library has solution for this by distributing the formula as (a - 1) / b + 1 which guarantees overflow never to occur.
Impact
Code Snippet
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/libraries/BBMath.sol#L7
Tool used
Manual Review
Recommendation
Consider replacing BBmath.sol with OpenZeppelin’s Math Library