Closed sherlock-admin closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid: POC ?
Invalid, it would be unrealistic for this to overflow given it is not possible for max age of a price to reach this kind of levels (2**32 - 1)
web3_r
medium
_getMaxAge() can underflow or overflow
Summary
The provided function _getMaxAge() calculates the time difference between the current block's timestamp and a given timestamp _executableAtTime. The result is then cast to uint32. There is a potential vulnerability in the cast from uint64 to uint32.
Vulnerability Detail
Overflow: If the time difference is too large, it may exceed the maximum value representable by uint32 (which is 2^32 - 1). In such cases, the result will overflow, and you'll get an unexpected and likely incorrect value.
Impact
This can affect the calculation for stableCollateralPerShare() in both deposit and withdraw, thereby causing the user to receive fewer LPs on deposit or more amountOut on withdraw.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L252
Tool used
Manual Review
Recommendation
To handle this, you may want to check whether the time difference is within the representable range of uint32 before performing the cast, and handle overflow scenarios appropriately.
function _getMaxAge(uint64 _executableAtTime) internal view returns (uint32 _maxAge) {
    uint256 timeDifference = block.timestamp - _executableAtTime;
    require(timeDifference <= type(uint32).max, "Time difference exceeds uint32 range");
    return uint32(timeDifference);
}
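The cast behaviour discussed in this issue, as an added example that is not code from the audited repository or from the reporter: under Solidity 0.8 the subtraction reverts on underflow, while a plain `uint32(...)` downcast silently keeps only the low 32 bits unless a range check precedes it. The contract name, function names, custom error and timestamps are hypothetical and constructed for illustration; the timestamp is passed as a parameter instead of reading `block.timestamp` so the boundary can be exercised.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; all names here are hypothetical.
contract MaxAgeCastDemo {
    error AgeExceedsUint32(uint256 age);

    /// Plain explicit downcast. The subtraction is checked and reverts with
    /// Panic(0x11) if executableAt > nowTs, but the narrowing conversion is
    /// not checked: it truncates to the low 32 bits without reverting.
    function maxAgeTruncating(uint256 nowTs, uint64 executableAt)
        public pure returns (uint32)
    {
        return uint32(nowTs - executableAt);
    }

    /// Range-checked variant, same shape as the recommendation above.
    function maxAgeChecked(uint256 nowTs, uint64 executableAt)
        public pure returns (uint32)
    {
        uint256 age = nowTs - executableAt;
        if (age > type(uint32).max) revert AgeExceedsUint32(age);
        return uint32(age);
    }

    /// Constructed inputs around the uint32 boundary.
    function demo() external pure returns (uint32 atLimit, uint32 wrapped) {
        uint64 executableAt = 1_700_000_000; // constructed sample timestamp

        // Age of exactly 2**32 - 1 seconds (roughly 136 years): still fits,
        // both variants return 4294967295.
        uint256 limitTs = uint256(executableAt) + type(uint32).max;
        atLimit = maxAgeChecked(limitTs, executableAt);

        // Age of 2**32 + 5 seconds: the truncating variant returns 5,
        // while maxAgeChecked would revert with AgeExceedsUint32.
        uint256 pastLimitTs = uint256(executableAt) + 2**32 + 5;
        wrapped = maxAgeTruncating(pastLimitTs, executableAt);
    }
}
```

The truncation path only triggers once the age exceeds 2**32 - 1 seconds, which is the threshold the judging comment refers to.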