Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fees calculations don’t allow overflowing/underflowing #38

Closed
c4-bot-10 opened this issue Aug 31, 2024 · 0 comments
Closed

Fees calculations don’t allow overflowing/underflowing #38

c4-bot-10 opened this issue Aug 31, 2024 · 0 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-46 edited-by-warden 🤖_54_group AI based duplicate group recommendation sufficient quality report This report is of sufficient quality

Comments

@c4-bot-10
Copy link
Contributor

c4-bot-10 commented Aug 31, 2024
edited by c4-bot-3
Loading

Lines of code

https://github.com/code-423n4/2024-08-superposition/blob/4528c9d2dbe1550d2660dac903a8246076044905/pkg/seawater/src/tick.rs#L236-L245

Vulnerability details

Impact

update_position-related transactions may revert in some situations.

Vulnerability Details

In the get_fee_growth_inside function, the calculations of fee_growth_global_0, fee_growth_global_1, etc. don’t allow under- and overflowing. However, the respective calculations in Uniswap V3 are designed to underflow and overflow (for more information, refer to Uniswap/v3-core#573 issue and Jeiwan/uniswapv3-book#45). As a result, executing update_position can revert in some situations (such as test incr_position_fee_growth_tick), causing transaction reverts.

Tools Used

Manual analysis

Recommended Mitigation Steps

Use overflowing_sub instead of checked_sub.

Assessed type

Under/Overflow
@c4-bot-10 c4-bot-10 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Aug 31, 2024
c4-bot-2 added a commit that referenced this issue Aug 31, 2024
@c4-bot-2
Q7 issue #38
4524302
@c4-bot-4 c4-bot-4 removed the 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value label Sep 1, 2024
@code4rena-admin code4rena-admin added 3 (High Risk) Assets can be stolen/lost/compromised directly edited-by-warden labels Sep 1, 2024
@c4-bot-12 c4-bot-12 added the 🤖_54_group AI based duplicate group recommendation label Sep 13, 2024
howlbot-integration bot added a commit that referenced this issue Sep 16, 2024
@howlbot-integration
Q7 update issue #38
e38f2ae
@howlbot-integration howlbot-integration bot added sufficient quality report This report is of sufficient quality duplicate-46 labels Sep 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-46 edited-by-warden 🤖_54_group AI based duplicate group recommendation sufficient quality report This report is of sufficient quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@code4rena-admin @c4-bot-4 @c4-bot-10 @c4-bot-12