The pow function can overflow if price, quote, or base are too large (e.g., greater than 19), since 10^20 exceeds the maximum value of a u64. This lack of overflow checking can cause runtime panics or incorrect calculations.
Before performing exponentiation, an overflow check should be added to ensure that price, quote, and base do not result in an excessively large exponent. You can add a check to ensure that these values are less than 20.
Zesty Sage Tapir
Medium
Potential Overflow in Decimals::new Functionb
Summary
Vulnerability Detail
The pow function can overflow if price, quote, or base are too large (e.g., greater than 19), since 10^20 exceeds the maximum value of a u64. This lack of overflow checking can cause runtime panics or incorrect calculations.
Impact
Code Snippet
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/util/decimals.rs#L9
Tool used
Manual Review
Recommendation
Before performing exponentiation, an overflow check should be added to ensure that price, quote, and base do not result in an excessively large exponent. You can add a check to ensure that these values are less than 20.