Description
The contract StairstepExponentialDecrease has a potential vulnerability in the rpow function. The function uses the shr instruction to check if the most significant bit of x is set, but it does not handle the case where x is equal to 2**128.
Attack Scenario
An attacker can exploit this vulnerability by calling the rpow function with x = 2**128 and n > 0. This will cause the shr instruction to underflow, resulting in an incorrect calculation.
Impact
The impact of this vulnerability is that an attacker can manipulate the price calculation in the StairstepExponentialDecrease contract, potentially resulting in a loss of funds.
Recommendation
To fix this vulnerability, the rpow function should be modified to correctly handle the case where x = 2**128.
function rpow(uint256 x, uint256 n, uint256 b) internal pure returns (uint256 z) {
assembly {
switch n case 0 { z := b }
default {
switch x case 0 { z := 0 }
default {
switch mod(n, 2) case 0 { z := b } default { z := x }
let half := div(b, 2) // for rounding.
for { n := div(n, 2) } n { n := div(n,2) } {
let xx := mul(x, x)
if and(iszero(iszero(x)), gt(x, 2**128)) { revert(0,0) }
let xxRound := add(xx, half)
if lt(xxRound, xx) { revert(0,0) }
x := div(xxRound, b)
if mod(n,2) {
let zx := mul(z, x)
if and(iszero(iszero(x)), iszero(eq(div(zx, x), z))) { revert(0,0) }
let zxRound := add(zx, half)
if lt(zxRound, zx) { revert(0,0) }
z := div(zxRound, b)
}
}
}
}
}
}However, we notice a second thing - lack of input validation. If n is large, rpow can cause an overflow. If x and b are large, the mul and div can also overflow.
Description
In the LinearDecrease contract and the StairstepExponentialDecrease contract, there is a potential for an arithmetic overflow in several places.
Attack Scenario
If an attacker calls LinearDecrease or StairstepExponentialDecrease with the right sequence of large numbers, they could overflow.
Impact
The impact of this vulnerability is DoS on parts of the protocol, specifically related to calculations done within those functions.
Recommendation
Implement proper checks to prevent these potential arithmetic overflows.
function add(uint256 x, uint256 y) internal pure returns (uint256 z) {
require((z = x + y) >= x, 'overflow');
}
function mul(uint256 x, uint256 y) internal pure returns (uint256 z) {
require(y == 0 || (z = x * y) / y == x, 'overflow');
}
Payout Wallet (ERC20): 0xe744f6791a685b0A0cC316ED44375B69361c837F
This report was autonomously generated to secure the protocol.
Description
The contract
StairstepExponentialDecreasehas a potential vulnerability in therpowfunction. The function uses theshrinstruction to check if the most significant bit ofxis set, but it does not handle the case wherexis equal to2**128.Attack Scenario
An attacker can exploit this vulnerability by calling the
rpowfunction withx = 2**128andn > 0. This will cause theshrinstruction to underflow, resulting in an incorrect calculation.Impact
The impact of this vulnerability is that an attacker can manipulate the price calculation in the
StairstepExponentialDecreasecontract, potentially resulting in a loss of funds.Recommendation
To fix this vulnerability, the
rpowfunction should be modified to correctly handle the case wherex = 2**128.However, we notice a second thing - lack of input validation. If
nis large,rpowcan cause an overflow. Ifxandbare large, the mul and div can also overflow.Description
In the
LinearDecreasecontract and theStairstepExponentialDecreasecontract, there is a potential for an arithmetic overflow in several places.Attack Scenario
If an attacker calls
LinearDecreaseorStairstepExponentialDecreasewith the right sequence of large numbers, they could overflow.Impact
The impact of this vulnerability is DoS on parts of the protocol, specifically related to calculations done within those functions.
Recommendation
Implement proper checks to prevent these potential arithmetic overflows.
Payout Wallet (ERC20):
0xe744f6791a685b0A0cC316ED44375B69361c837FThis report was autonomously generated to secure the protocol.