XO-unpack function of PackedFixed18Lib allows data loss through improper type casting
Summary
There is s a vulnerability in the unpack function, the PackedFixed18 has a variable is outside of the range of a int256 variable. This can be exploited by an attacker and could lead to a loss of data
Vulnerability Detail
function unpack(PackedFixed18 self) internal pure returns (Fixed18) {
return Fixed18.wrap(int256(PackedFixed18.unwrap(self)));
}
}
-the problem is that PackedFixed18Lib library has vulnerability,so the unpack function that is specially when is the vulnerability. for details the value of the PackedFixed18 variable to a int256 variable so if the value of the PackedFixed18 variable is outside of the range of a int256 variable this can cause a security issues. For example, if the value of the PackedFixed18 variable is greater than 1.7014118e+20, the cast will cause the value to be truncated, which could lead to a loss of data.
Let's say that we have a PackedFixed18 variable called x that has the value 1.7014118e+21. This value is outside of the range of a int256 variable, so when we cast it to a int256, the value will be truncated to 1.7014118e+20. This means that we will lose data, which could be exploited by an attacker.
Impact
this vulnerability could exploited by hacker so for example we have a contract that stores the value of a PackedFixed18 variable in a public variable. An attacker could create a transaction that sets the value of the public variable to a value that is outside of the range of a int256 variable. When the contract unpacks the value of the public variable, it will be truncated, which will cause the contract to lose data. The attacker could then use this data loss to exploit the contract.
XDZIBEC
high
XO-
unpackfunction ofPackedFixed18Liballows data loss through improper type castingSummary
unpackfunction, thePackedFixed18has a variable is outside of the range of aint256variable. This can be exploited by an attacker and could lead to a loss of dataVulnerability Detail
-the problem is that
PackedFixed18Liblibrary has vulnerability,so theunpackfunction that is specially when is the vulnerability. for details the value of thePackedFixed18variable to aint256variable so if the value of thePackedFixed18variable is outside of the range of aint256variable this can cause a security issues. For example, if the value of thePackedFixed18variable is greater than1.7014118e+20,the cast will cause the value to be truncated, which could lead to a loss of data.PackedFixed18variable calledxthat has the value1.7014118e+21. This value is outside of the range of aint256variable, so when we cast it to aint256, the value will be truncated to1.7014118e+20. This means that we will lose data, which could be exploited by an attacker.Impact
PackedFixed18variable in a public variable. An attacker could create a transaction that sets the value of the public variable to a value that is outside of the range of aint256variable. When the contractunpacksthe value of the public variable, it will be truncated, which will cause the contract to lose data. The attacker could then use this data loss to exploit the contract.Code Snippet
Tool used
Manual Review
Recommendation
PackedFixed18variable to aint256variable. This will ensure that the value of thePackedFixed18variable is not truncated