XO-unpack function of PackedFixed18Lib allows data loss through improper type casting
Summary
There is s a vulnerability in the unpack function, the PackedFixed18 has a variable is outside of the range of a int256 variable. This can be exploited by an attacker and could lead to a loss of data
Vulnerability Detail
function unpack(PackedFixed18 self) internal pure returns (Fixed18) {
return Fixed18.wrap(int256(PackedFixed18.unwrap(self)));
}
}
-the problem is that PackedFixed18Lib library has vulnerability,so the unpack function that is specially when is the vulnerability. for details the value of the PackedFixed18 variable to a int256 variable so if the value of the PackedFixed18 variable is outside of the range of a int256 variable this can cause a security issues. For example, if the value of the PackedFixed18 variable is greater than 1.7014118e+20, the cast will cause the value to be truncated, which could lead to a loss of data.
Let's say that we have a PackedFixed18 variable called x that has the value 1.7014118e+21. This value is outside of the range of a int256 variable, so when we cast it to a int256, the value will be truncated to 1.7014118e+20. This means that we will lose data, which could be exploited by an attacker.
Impact
this vulnerability could exploited by hacker so for example we have a contract that stores the value of a PackedFixed18 variable in a public variable. An attacker could create a transaction that sets the value of the public variable to a value that is outside of the range of a int256 variable. When the contract unpacks the value of the public variable, it will be truncated, which will cause the contract to lose data. The attacker could then use this data loss to exploit the contract.
XDZIBEC
high
XO-
unpack
function ofPackedFixed18Lib
allows data loss through improper type castingSummary
unpack
function, thePackedFixed18
has a variable is outside of the range of aint256
variable. This can be exploited by an attacker and could lead to a loss of dataVulnerability Detail
-the problem is that
PackedFixed18Lib
library has vulnerability,so theunpack
function that is specially when is the vulnerability. for details the value of thePackedFixed18
variable to aint256
variable so if the value of thePackedFixed18
variable is outside of the range of aint256
variable this can cause a security issues. For example, if the value of thePackedFixed18
variable is greater than1.7014118e+20,
the cast will cause the value to be truncated, which could lead to a loss of data.PackedFixed18
variable calledx
that has the value1.7014118e+21
. This value is outside of the range of aint256
variable, so when we cast it to aint256
, the value will be truncated to1.7014118e+20
. This means that we will lose data, which could be exploited by an attacker.Impact
PackedFixed18
variable in a public variable. An attacker could create a transaction that sets the value of the public variable to a value that is outside of the range of aint256
variable. When the contractunpacks
the value of the public variable, it will be truncated, which will cause the contract to lose data. The attacker could then use this data loss to exploit the contract.Code Snippet
Tool used
Manual Review
Recommendation
PackedFixed18
variable to aint256
variable. This will ensure that the value of thePackedFixed18
variable is not truncated