Potential Overflow Issue in _getPriceFromSqrtX96 Function
Low/Info issue submitted by Bauchibred
Summary
The _getPriceFromSqrtX96 function in the LenderCommitmentGroup_Smart.sol contract poses a potential overflow risk due to the multiplication of two uint256 values, which may exceed the maximum value allowed for the data type.
Vulnerability Detail
In the _getPriceFromSqrtX96 function, the line uint256 priceX96 = (uint256(_sqrtPriceX96) * uint256(_sqrtPriceX96)) / (2**96); performs a multiplication operation on two uint256 values, uint256(_sqrtPriceX96) and uint256(_sqrtPriceX96). This multiplication operation may result in an overflow if the input _sqrtPriceX96 value is greater than the maximum value that can be represented by a uint128.
Impact
If the input _sqrtPriceX96 value exceeds the maximum value representable by a uint128, the multiplication operation will result in an overflow, leading to incorrect computation of the priceX96 variable. This could potentially introduce inaccuracies or vulnerabilities in the pricing mechanism of the contract, affecting its overall functionality.
To mitigate the risk of overflow, consider implementing appropriate overflow checks or using data types with higher capacity, such as uint256, for intermediate calculations. Additionally, ensure that input values are properly validated to prevent potential overflow scenarios.
Potential Overflow Issue in
_getPriceFromSqrtX96
FunctionLow/Info issue submitted by Bauchibred
Summary
The
_getPriceFromSqrtX96
function in theLenderCommitmentGroup_Smart.sol
contract poses a potential overflow risk due to the multiplication of twouint256
values, which may exceed the maximum value allowed for the data type.Vulnerability Detail
In the
_getPriceFromSqrtX96
function, the lineuint256 priceX96 = (uint256(_sqrtPriceX96) * uint256(_sqrtPriceX96)) / (2**96);
performs a multiplication operation on twouint256
values,uint256(_sqrtPriceX96)
anduint256(_sqrtPriceX96)
. This multiplication operation may result in an overflow if the input_sqrtPriceX96
value is greater than the maximum value that can be represented by auint128
.Impact
If the input
_sqrtPriceX96
value exceeds the maximum value representable by auint128
, the multiplication operation will result in an overflow, leading to incorrect computation of thepriceX96
variable. This could potentially introduce inaccuracies or vulnerabilities in the pricing mechanism of the contract, affecting its overall functionality.Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/defe55469a2576735af67483acf31d623e13592d/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L539-L597
Tool used
Manual Review
Recommendation
To mitigate the risk of overflow, consider implementing appropriate overflow checks or using data types with higher capacity, such as
uint256
, for intermediate calculations. Additionally, ensure that input values are properly validated to prevent potential overflow scenarios.