Closed sherlock-admin closed 1 year ago
This is not a finding. The function still reverts; it just has a different error message, but the test doesn't pass because you didn't change the parameter for the market ID for the error in addition to changing the market ID.
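The point made in the closing comment above, as an added Foundry example that is not part of the original issue or the Bond code base: `vm.expectRevert` compares the full revert data, so a custom error that carries the market ID only matches when the expected ID is changed together with the queried one. `OracleStub`, `MarketNotRegistered` and all ID and price values are hypothetical stand-ins constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for an oracle with per-market registration (not the project's contract).
contract OracleStub {
    error MarketNotRegistered(uint256 id);
    mapping(uint256 => uint256) internal price; // 0 means "not registered"

    function register(uint256 id, uint256 p) external { price[id] = p; }

    function currentPrice(uint256 id) external view returns (uint256) {
        if (price[id] == 0) revert MarketNotRegistered(id);
        return price[id];
    }
}

contract ExpectRevertParamTest is Test {
    OracleStub internal oracle;
    uint256 internal constant OLD_ID = 1;                 // constructed: id the test used originally
    uint256 internal constant NEW_ID = type(uint256).max; // constructed: id after editing the test

    function setUp() public {
        oracle = new OracleStub();
        oracle.register(0, 1e18); // only market 0 is registered
    }

    // Expected error and call use the same id: the revert data matches and the test passes.
    function test_expectRevert_matchingId() public {
        vm.expectRevert(abi.encodeWithSelector(OracleStub.MarketNotRegistered.selector, NEW_ID));
        oracle.currentPrice(NEW_ID);
    }

    // The call still reverts for NEW_ID, but its data differs from an expectation built with
    // OLD_ID, which is why vm.expectRevert with the stale id reports a failed test.
    function test_revertData_carriesQueriedId() public {
        bytes memory stale = abi.encodeWithSelector(OracleStub.MarketNotRegistered.selector, OLD_ID);
        try oracle.currentPrice(NEW_ID) returns (uint256) {
            revert("call should have reverted");
        } catch (bytes memory data) {
            assertEq(data, abi.encodeWithSelector(OracleStub.MarketNotRegistered.selector, NEW_ID));
            assertTrue(keccak256(data) != keccak256(stale));
        }
    }
}
```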
fat32
medium
SWC-101 Arithmetic Overflow on Current Price. BondChainlinkOracle.t.sol BondChainlinkOracle.sol function test_currentPrice()
Summary
The test that tries to get the current price for a market that hasn't been registered should fail. But it does not when using integer overflow. 1 call out of 3 calls to the test that tries to get the current price for a market that hasn't been registered passes and does not revert using integer overflow when it never should. The result is that the market was registered.
Vulnerability Detail
Impact
The test that tries to get the current price for a market that hasn't been registered should fail. But it does not fail when using integer overflow. This means that the current price can be manipulated before it is registered. 1 call out of 3 calls to the test that tries to get the current price for a market that hasn't been registered passes and does not revert using integer overflow when it never should. The result is that the market was registered. Please see the log file dump below, displayed in summary.
Code Snippet
Vulnerable code
POC> 2023-02-bond-0xtr3/bonds/src/test/BondChainlinkOracle.t.sol
Tool used
Foundry and Visual Studio Code.
Manual Review Log File:
Recommendation
Use safe math.