Closed sherlock-admin2 closed 11 months ago
4 comment(s) were left on this issue during the judging contest.
panprog commented:
invalid because the real prices used in production won't overflow, and price feed provider is trusted
n33k commented:
invalid, ai generated groundless report
darkart commented:
The same as 14
polarzero commented:
Invalid. The contract uses Solidity 0.8.19, which has built-in integer overflow/underflow checks.
0xVinylDavyl
medium
From the arithmetic operations in the _recordPrice function, specifically the variable expo6Decimal. If the value of expo6Decimal becomes extremely large or small, it could result in an integer overflow or underflow when performing operations on it.
Summary
The "Potential Integer Overflow in _recordPrice Function" is a vulnerability in the contract's
_recordPrice
function, which performs arithmetic operations on theexpo6Decimal
variable. If not handled properly, these operations could lead to integer overflow or underflow issues.Vulnerability Detail
The vulnerability arises from the arithmetic operations in the
_recordPrice
function, specifically the variableexpo6Decimal
. If the value ofexpo6Decimal
becomes extremely large or small, it could result in an integer overflow or underflow when performing operations on it.Impact
Integer overflow or underflow can lead to unexpected and potentially harmful behavior in smart contracts, including incorrect calculations, unexpected state changes, and even contract halting. In the context of this contract, it could affect the recorded price data, potentially leading to incorrect oracle information.
Code Snippet
https://github.com/sherlock-audit/2023-09-perennial/blob/main/perennial-v2/packages/perennial-oracle/contracts/pyth/PythOracle.sol#L229
Tool used
Manual Review
Recommendation
To mitigate the potential integer overflow or underflow vulnerability in the
_recordPrice
function, follow these recommended steps:Use SafeMath Library: Implement safe arithmetic operations by using a library like OpenZeppelin's SafeMath. SafeMath provides functions for addition, subtraction, multiplication, and division that prevent integer overflow or underflow.
Update Arithmetic Operations: Modify the
_recordPrice
function to use SafeMath for arithmetic operations. Ensure that the arithmetic operations are safe and do not result in integer overflow or underflow.By implementing these recommendations, you can ensure that the arithmetic operations in the
_recordPrice
function are safe and do not result in integer overflow or underflow, enhancing the security of the contract.