sherlock-audit / 2024-04-interest-rate-model-judging


Im_th3AK - Arithmetic Operations (Potential Underflow/Overflow Without Explicit Checks) #142

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

Im_th3AK

medium

Arithmetic Operations (Potential Underflow/Overflow Without Explicit Checks)

Summary

The smart contract must ensure that all arithmetic operations are safe from underflows and overflows. Solidity ^0.8.x provides built-in checks, but these need to be verified throughout the contract.

Vulnerability Detail

Solidity 0.8.x automatically includes checks for arithmetic operations to prevent overflow and underflow; however, it is crucial to verify that this version's features are correctly utilized across all mathematical computations within the contract.

Impact

If not properly handled, unsafe arithmetic operations can lead to critical vulnerabilities, allowing attackers to manipulate accounting logic, resulting in loss or creation of tokens/assets illegitimately, which could severely compromise the integrity of the financial logic within a smart contract system.

Code Snippet

https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/Market.sol#L140-L169

Tool used

// Potentially unsafe example with unchecked block - Use cautiously!
unchecked {
    uint256 newTotal = total + amount;
}

santipu03 commented 5 months ago

This issue is invalid because it fails to point to a root cause and demonstrate any significant impact.
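
As an added example (not part of the report, the judging comment, or the audited code base), here is one way to carry out the verification the report asks for and produce the concrete locations a root cause would need: confirm the pragma guarantees checked arithmetic, then list arithmetic inside `unchecked` blocks. The Solidity sample and all function names are constructed for illustration.

```python
import re

# Constructed sample, not taken from the audited Market.sol.
SAMPLE = """\
pragma solidity ^0.8.17;
contract Ledger {
    uint256 public total;
    function deposit(uint256 amount) external {
        total = total + amount; // checked: reverts on overflow
    }
    function fastDeposit(uint256 amount) external {
        unchecked {
            uint256 newTotal = total + amount; // wraps silently
            total = newTotal;
        }
    }
}
"""

PRAGMA = re.compile(r"pragma\s+solidity\s+([^;]+);")
BOUND = re.compile(r"([<>=^~]*)\s*(\d+)\.(\d+)(?:\.(\d+))?")
UNCHECKED = re.compile(r"\bunchecked\s*\{")
ARITH = re.compile(r"[-+*]")  # operators that can wrap; candidates only

def strip_comments(src):
    # Blank out comments but keep newlines so line numbers stay valid.
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def checked_by_default(src):
    """True only if the pragma has a lower bound and every one is >= 0.8.0."""
    m = PRAGMA.search(strip_comments(src))
    lower = [(int(a), int(b), int(c or 0)) for op, a, b, c
             in BOUND.findall(m.group(1) if m else "") if not op.startswith("<")]
    return bool(lower) and all(v >= (0, 8, 0) for v in lower)

def unchecked_arithmetic(src):
    """Return (line_number, statement) for arithmetic inside unchecked blocks."""
    code, findings = strip_comments(src), []
    for m in UNCHECKED.finditer(code):
        depth, i = 1, m.end()
        while i < len(code) and depth:  # find the matching closing brace
            depth += {"{": 1, "}": -1}.get(code[i], 0)
            i += 1
        first = code.count("\n", 0, m.end()) + 1
        for off, line in enumerate(code[m.end():i - 1].split("\n")):
            if ARITH.search(line):
                findings.append((first + off, line.strip()))
    return findings
```

Each finding is only a candidate: whether the operands can actually reach a wrapping value still has to be argued from the surrounding invariants.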