Careful with uint8 #102

gpersoon opened this issue Oct 12, 2021 · 0 comments
Vulnerability details

Note: the current version of GeneralConvexStrategy.sol doesn't compile as far as I can see.

using SafeMath for uint8; ==> could lead to using uint8.

Using uint8 might lead to overflows. The Solidity compiler 6.12 gives the following warning when doing 10**uint8variable:

Warning: Result of exponentiation has type uint8 and thus might overflow. 

Luckily, because balances(..) is a uint256, the code of getMostPremium() doesn't go wrong.

Proof of concept

function getMostPremium() public view returns (address, uint256) {
    uint256 balance0 = IStableSwap3Pool(stableSwapPool).balances(0).mul(
        10**(decimalMultiples[0])
    );

Recommended mitigation steps

Replace:

  • using SafeMath for uint8;

with:

  • using SafeMath for uint;

And use typecasts to change uint8 to uint256 before doing non-trivial calculations:

uint256 balance0 = IStableSwap3Pool(stableSwapPool).balances(0).mul(10**uint256(decimalMultiples[0]));
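
The compiler warning quoted in the report, reproduced as an added example (not code from the project or from the reporter): a literal base raised to a uint8 exponent yields a uint8 under the 0.6.12 compiler, so the value is truncated before any checked multiply runs. The contract name, function names and the inline `mul` helper are hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.6.12;

// Added illustration, not project code. All names here are hypothetical.
contract Uint8ExponentDemo {
    // Minimal checked multiply standing in for SafeMath.mul on uint256.
    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) return 0;
        uint256 c = a * b;
        require(c / a == b, "mul overflow");
        return c;
    }

    // Pattern that triggers the warning: the power has type uint8, so it
    // wraps modulo 256 (10**3 = 1000 already does not fit) and only the
    // wrapped value is widened to uint256 for the multiply. The overflow
    // check in mul() cannot detect this, because it happens earlier.
    function scaleUint8(uint256 balance, uint8 e) external pure returns (uint256) {
        return mul(balance, 10**e);
    }

    // Recommended form: widen the exponent first so the power is a uint256
    // and the checked multiply sees the full value.
    function scaleUint256(uint256 balance, uint8 e) external pure returns (uint256) {
        return mul(balance, 10**uint256(e));
    }
}
```

Compiling this with 0.6.12 emits the warning on `scaleUint8` only; calling both functions with the same arguments shows where the results diverge.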
