Closed sherlock-admin2 closed 10 months ago
1 comment(s) were left on this issue during the judging contest.
Trumpero commented:
According to https://github.com/PaulRBerg/prb-math/issues/181, the issue happens when calculating x^y and x < 1e18. But in the current implementation, x = YEAR_BASE_BOOST = 18e17 > 1e18.
BTK
medium
pow() function returns inconsistent values

Summary
The GPToke.previewPoints function calculates the points a user will earn by staking a specified amount for a given duration. It ensures the duration is within valid limits, then calculates points using a formula involving the staking duration and a multiplier. The function returns the earned points and the staking end time. The multiplier is calculated using pow() as follows:

Vulnerability Detail
The issue is that PRBMath contains a critical vulnerability in the pow() function, which can return inconsistent values. This vulnerability is of great importance to the Tokemak protocol, as the function is used in the computation of how many points a user should get. The GPToke.previewPoints function is called in both extend() and _stake.
Recently, another protocol has also experienced the same bug, and the creators of the PRBMath have acknowledged this situation:
Impact
The PRBMath pow() function can return inconsistent values.

Code Snippet
Tool used
Manual Review
Recommendation
To mitigate this issue, please update the contracts to 0.8.19 and upgrade PRBMath to version V4, because these errors have been corrected (Link).