You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Casting Overflow will Cause Incorrect liquidity Operations
Summary
Casting liquidity from uint256 to uint128 will cause incorrect liquidity operations for contract users as the contract may overflow the liquidity value during both minting and removal processes.
Root Cause
In both the ISolidlyV3Pool(pool).mint and ISolidlyV3Pool(pool).burnAndCollect function calls in contract SolidlyV3AMO, the casting of liquidity from uint256 to uint128 can lead to overflow if the value exceeds uint128's maximum limit.
The liquidity parameter is set to a value greater than type(uint128).max.
The contract lacks validation to ensure liquidity is within the uint128 range before casting.
External pre-conditions
None
Attack Path
A function that includes either the mint or burnAndCollect operation is called with an excessively large liquidity value.
The liquidity value is cast to uint128, resulting in overflow and a smaller, incorrect value being used in the operation process.
Impact
The contract users suffer an approximate loss of liquidity accuracy. The intended liquidity is not correctly added to or removed from the pool, potentially leading to financial discrepancies and reduced functionality.
PoC
Mitigation
Implement a validation check before casting to ensure liquidity does not exceed uint128's maximum value. Use a statement like
The text was updated successfully, but these errors were encountered:
sherlock-admin2
changed the title
Damp Velvet Dachshund - Casting Overflow will Cause Incorrect liquidity Operations
lydia_m_t - Casting Overflow will Cause Incorrect liquidity Operations
Oct 30, 2024
lydia_m_t
Medium
Casting Overflow will Cause Incorrect
liquidity
OperationsSummary
Casting
liquidity
fromuint256
touint128
will cause incorrect liquidity operations for contract users as the contract may overflow the liquidity value during both minting and removal processes.Root Cause
In both the
ISolidlyV3Pool(pool).mint
andISolidlyV3Pool(pool).burnAndCollect
function calls in contractSolidlyV3AMO
, the casting of liquidity fromuint256
touint128
can lead to overflow if the value exceedsuint128
's maximum limit.https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/SolidlyV3AMO.sol#L190-L198
https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/SolidlyV3AMO.sol#L230-L245
Internal pre-conditions
liquidity
parameter is set to a value greater than type(uint128).max.liquidity
is within theuint128
range before casting.External pre-conditions
None
Attack Path
mint
orburnAndCollec
t operation is called with an excessively largeliquidity
value.liquidity
value is cast touint128
, resulting in overflow and a smaller, incorrect value being used in the operation process.Impact
The contract users suffer an approximate loss of liquidity accuracy. The intended liquidity is not correctly added to or removed from the pool, potentially leading to financial discrepancies and reduced functionality.
PoC
Mitigation
Implement a validation check before casting to ensure liquidity does not exceed uint128's maximum value. Use a statement like
to prevent overflow.
The text was updated successfully, but these errors were encountered: