Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Underflow could happened when calculating Uniswap V3 position's fee growth and can cause operations to revert #480

Closed
c4-bot-9 opened this issue Mar 15, 2024 · 3 comments
Closed

Underflow could happened when calculating Uniswap V3 position's fee growth and can cause operations to revert #480

c4-bot-9 opened this issue Mar 15, 2024 · 3 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working insufficient quality report This report is not of sufficient quality 🤖_105_group AI based duplicate group recommendation unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@c4-bot-9
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Oracle.sol#L472

Vulnerability details

Impact

Detailed description of the impact of this finding.

When operations need to calculate Uniswap V3 position's fee growth, it used similar function implemented by uniswap v3. However, according to this known issue : Uniswap/v3-core#573. The contract is implicitly relies on underflow/overflow when calculating the fee growth, if underflow is prevented, some operations that rely on fee growth will revert.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

It can be observed that current implementation of getFeeGrowthInside not allow underflow/overflow to happen when calculating feeGrowthInside0X128 and feeGrowthInside1X128, because the contract used solidity >=0.8.0.

https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Oracle.sol#L472

This could impact crucial operations that rely on this call, such as liquidation, and could revert unexpectedly. This behavior is quite often, especially for pools that use lower fees.

Tools Used

Use unchecked when calculating feeGrowthInside0X128 and feeGrowthInside1X128.

Recommended Mitigation Steps

Assessed type

Context
@c4-bot-9 c4-bot-9 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Mar 15, 2024
c4-bot-9 added a commit that referenced this issue Mar 15, 2024
@c4-bot-9
bareli issue #480
16857b9
@c4-bot-11 c4-bot-11 added the 🤖_105_group AI based duplicate group recommendation label Mar 15, 2024
@c4-pre-sort
Copy link

0xEVom marked the issue as insufficient quality report

@c4-pre-sort c4-pre-sort added the insufficient quality report This report is not of sufficient quality label Mar 18, 2024
@0xEVom
Copy link

0xEVom commented Mar 18, 2024

Link points to an unchecked block

@c4-judge
Copy link

c4-judge commented Apr 1, 2024

jhsagd76 marked the issue as unsatisfactory:
Invalid

@c4-judge c4-judge closed this as completed Apr 1, 2024
@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Apr 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working insufficient quality report This report is not of sufficient quality 🤖_105_group AI based duplicate group recommendation unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@c4-judge @c4-pre-sort @c4-bot-9 @0xEVom @c4-bot-11