Integer Underflow/Overflow in `_commit` Function

Summary

Vulnerability Detail

function _commit(Data storage s, Data storage delay) private {
    uint256 timestamp = s.stageTimestamp;
    if (timestamp == 0) revert InvalidTimestamp();
    if (block.timestamp - timestamp < delay.value)
        revert InvalidTimestamp();
    bytes32 slot;
    assembly {
        slot := s.slot
    }
    emit Commit(slot, s, block.timestamp);
    s.value = s.stagedValue;
    delete s.stageTimestamp;
    delete s.stagedValue;
}

If block.timestamp is less than timestamp, the expression block.timestamp - timestamp will underflow, resulting in a very large positive number (due to how unsigned integers work in Solidity). This could incorrectly pass the condition block.timestamp - timestamp < delay.value, allowing commits to occur prematurely or under unintended conditions.

Impact

Code Snippet

https://github.com/sherlock-audit/2024-06-mellow/blob/main/mellow-lrt/src/VaultConfigurator.sol#L66C2-L80C1

Tool used

Manual Review

Recommendation

Added Check: if (block.timestamp < timestamp || block.timestamp - timestamp < delay.value) ensures that block.timestamp is greater than or equal to timestamp before performing the subtraction. This prevents the underflow scenario where block.timestamp is less than timestamp.

sherlock-audit / 2024-06-mellow-judging

pwning_dev - Integer Underflow/Overflow in `_commit` Function #303

Integer Underflow/Overflow in `_commit` Function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2024-06-mellow-judging

pwning_dev - Integer Underflow/Overflow in `_commit` Function #303

Integer Underflow/Overflow in _commit Function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Integer Underflow/Overflow in `_commit` Function