`Buoy3Pool._updateRatios` unsafe math #105

code423n4 · 2021-07-07T21:22:27Z

Handle

cmichel

Vulnerability details

Vulnerability Details

The function performs type conversions and subtraction without over-/underflow checks:

uint256 check = abs(int256(_ratio) - int256(chainRatios[i].div(CHAIN_FACTOR)));

Recommended Mitigation Steps

We recommend checking if the values fit within the type range first, otherwise revert with a meaningful error message, as well as checking for underflows.

The text was updated successfully, but these errors were encountered:

kitty-the-kat · 2021-07-14T20:53:34Z

#6

ghoul-sol · 2021-07-25T21:35:26Z

This is partially a duplicate of #6 but it focuses on low risk issue so I'll record is as a separate (low risk) issue.

code423n4 added 1 (Low Risk) bug Something isn't working labels Jul 7, 2021

code423n4 added a commit that referenced this issue Jul 7, 2021

cmichel issue #105

c1d39e5

kitty-the-kat added the duplicate This issue or pull request already exists label Jul 14, 2021

kitty-the-kat closed this as completed Jul 14, 2021

ghoul-sol reopened this Jul 25, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`Buoy3Pool._updateRatios` unsafe math #105

`Buoy3Pool._updateRatios` unsafe math #105

code423n4 commented Jul 7, 2021

kitty-the-kat commented Jul 14, 2021

ghoul-sol commented Jul 25, 2021 •

edited

Loading

Buoy3Pool._updateRatios unsafe math #105

Buoy3Pool._updateRatios unsafe math #105

Comments

code423n4 commented Jul 7, 2021

Handle

Vulnerability details

Vulnerability Details

Recommended Mitigation Steps

kitty-the-kat commented Jul 14, 2021

ghoul-sol commented Jul 25, 2021 • edited Loading

`Buoy3Pool._updateRatios` unsafe math #105

`Buoy3Pool._updateRatios` unsafe math #105

ghoul-sol commented Jul 25, 2021 •

edited

Loading