SWC-101 Arithmetic Underflow Underflow on Block Timestamp. BondChainlinkOracle.t.sol BondChainlinkOracle.sol function testFuzz_currentPrice_oneFeed()
SWC-101 Arithmetic Underflow on Block Timestamp. BondChainlinkOracle.t.sol BondChainlinkOracle.sol function testFuzz_currentPrice_oneFeed(uint8, uint8, uint48)
Summary
The test to set block timestamp past the update threshold should fail. But it does not when using integer underflow.
1 call out of 10 calls the test to set block timestamp past the update threshold passes and does not revert using integer underflow when it never should. The result is a bad price feed was registered.
Vulnerability Detail
// In the function
function testFuzz_currentPrice_oneFeed(uint8, uint8, uint48)
// the following line was suffixed with integer underflow.
// Set block timestamp past the update threshold, should fail
vm.warp(block.timestamp + numerUpdateThreshold_ + 1 - 1e18);
vm.expectRevert(err);
oracle.currentPrice(0);
Impact
The test to set block timestamp past the update threshold should fail. But it does not when using integer underflow. This means that the block timestamp can be manipulated. 1 call out of 10 calls the test to set block timestamp past the update threshold passes and does not revert using integer underflow when it never should.
So, being able to set the block timestamp past the update threshold means that one can write to that blockchain. And in so doing, making them owner and being able to withdraw money or funds, which the log file dump below displays in summary. The result is a bad price feed was registered.
fat32
medium
SWC-101 Arithmetic Underflow Underflow on Block Timestamp. BondChainlinkOracle.t.sol BondChainlinkOracle.sol function testFuzz_currentPrice_oneFeed()
SWC-101 Arithmetic Underflow on Block Timestamp. BondChainlinkOracle.t.sol BondChainlinkOracle.sol function testFuzz_currentPrice_oneFeed(uint8, uint8, uint48)
Summary
The test to set block timestamp past the update threshold should fail. But it does not when using integer underflow. 1 call out of 10 calls the test to set block timestamp past the update threshold passes and does not revert using integer underflow when it never should. The result is a bad price feed was registered.
Vulnerability Detail
Impact
The test to set block timestamp past the update threshold should fail. But it does not when using integer underflow. This means that the block timestamp can be manipulated. 1 call out of 10 calls the test to set block timestamp past the update threshold passes and does not revert using integer underflow when it never should.
So, being able to set the block timestamp past the update threshold means that one can write to that blockchain. And in so doing, making them owner and being able to withdraw money or funds, which the log file dump below displays in summary. The result is a bad price feed was registered.
Code Snippet
Vulnerable code
POC> 2023-02-bond-0xtr3/bonds/src/test/BondChainlinkOracle.t.sol
Tool used
Foundry and Visual Studio Code.
Manual Review Log File:
Recommendation
Use safe math.