Potential Overflow Issue in _getPriceFromSqrtX96 Function
Low/Info issue submitted by Bauchibred
Summary
The _getPriceFromSqrtX96 function in the LenderCommitmentGroup_Smart.sol contract poses a potential overflow risk due to the multiplication of two uint256 values, which may exceed the maximum value allowed for the data type.
Vulnerability Detail
In the _getPriceFromSqrtX96 function, the line uint256 priceX96 = (uint256(_sqrtPriceX96) * uint256(_sqrtPriceX96)) / (2**96); performs a multiplication operation on two uint256 values, uint256(_sqrtPriceX96) and uint256(_sqrtPriceX96). This multiplication operation may result in an overflow if the input _sqrtPriceX96 value is greater than the maximum value that can be represented by a uint128.
Impact
If the input _sqrtPriceX96 value exceeds the maximum value representable by a uint128, the multiplication operation will result in an overflow, leading to incorrect computation of the priceX96 variable. This could potentially introduce inaccuracies or vulnerabilities in the pricing mechanism of the contract, affecting its overall functionality.
To mitigate the risk of overflow, consider implementing appropriate overflow checks or using data types with higher capacity, such as uint256, for intermediate calculations. Additionally, ensure that input values are properly validated to prevent potential overflow scenarios.
Potential Overflow Issue in
_getPriceFromSqrtX96FunctionLow/Info issue submitted by Bauchibred
Summary
The
_getPriceFromSqrtX96function in theLenderCommitmentGroup_Smart.solcontract poses a potential overflow risk due to the multiplication of twouint256values, which may exceed the maximum value allowed for the data type.Vulnerability Detail
In the
_getPriceFromSqrtX96function, the lineuint256 priceX96 = (uint256(_sqrtPriceX96) * uint256(_sqrtPriceX96)) / (2**96);performs a multiplication operation on twouint256values,uint256(_sqrtPriceX96)anduint256(_sqrtPriceX96). This multiplication operation may result in an overflow if the input_sqrtPriceX96value is greater than the maximum value that can be represented by auint128.Impact
If the input
_sqrtPriceX96value exceeds the maximum value representable by auint128, the multiplication operation will result in an overflow, leading to incorrect computation of thepriceX96variable. This could potentially introduce inaccuracies or vulnerabilities in the pricing mechanism of the contract, affecting its overall functionality.Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/defe55469a2576735af67483acf31d623e13592d/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L539-L597
Tool used
Manual Review
Recommendation
To mitigate the risk of overflow, consider implementing appropriate overflow checks or using data types with higher capacity, such as
uint256, for intermediate calculations. Additionally, ensure that input values are properly validated to prevent potential overflow scenarios.