Not using SafeMath can lead to overflow & underflow of arithmetic calculations
Vulnerability Details
Calculations that do not check for under/overflow can easily cause severe issues in Solidity.
The contract PendlePTOracle.sol , VaultRewarderLib.sol ,PendlePTEtherFiVault.sol , BaseStakingVault.sol and more, do not use SafeMath to prevent overflow and underflow in arithmetic operations.
In the PendlePTOracle.sol, _calculateBaseToQuote function they have a comment at the top that says, "Overflow and div by zero not possible" here, this is just an assumption with no valid check. Majority of contracts that perform calculations, have used SafeMath.
Impact
The only valid reason for not using SafeMath is that the design of the system makes it impossible for overflows or underflows to occur. But even in that case, the only way to prove it is with extensive formal verifications, and a mistake in any place of the system could be catastrophic.
Consider using using SafeMath for all calculations and adding a comment to every statement with an arithmetic operation explaining why it is safe. Ideally, these claims would be accompanied by a formal verification.
unRekt
Medium
Contracts not using safe math
Summary
Not using
SafeMath
can lead to overflow & underflow of arithmetic calculationsVulnerability Details
Calculations that do not check for under/overflow can easily cause severe issues in Solidity. The contract
PendlePTOracle.sol
,VaultRewarderLib.sol
,PendlePTEtherFiVault.sol
,BaseStakingVault.sol
and more, do not useSafeMath
to prevent overflow and underflow in arithmetic operations. In thePendlePTOracle.sol
,_calculateBaseToQuote
function they have a comment at the top that says, "Overflow and div by zero not possible" here, this is just an assumption with no valid check. Majority of contracts that perform calculations, have usedSafeMath
.Impact
The only valid reason for not using
SafeMath
is that the design of the system makes it impossible for overflows or underflows to occur. But even in that case, the only way to prove it is with extensive formal verifications, and a mistake in any place of the system could be catastrophic.Code Snippet
https://github.com/sherlock-audit/2024-06-leveraged-vaults/blob/14d3eaf0445c251c52c86ce88a84a3f5b9dfad94/leveraged-vaults-private/contracts/oracles/PendlePTOracle.sol#L110
Tool used
Manual Review
Recommendation
Consider using using
SafeMath
for all calculations and adding a comment to every statement with an arithmetic operation explaining why it is safe. Ideally, these claims would be accompanied by a formal verification.