Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

lydia_m_t - Casting Overflow will Cause Incorrect liquidity Operations #321

Open
sherlock-admin2 opened this issue Oct 29, 2024 · 0 comments

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Oct 29, 2024

lydia_m_t

Medium

Casting Overflow will Cause Incorrect liquidity Operations

Summary

Casting liquidity from uint256 to uint128 will cause incorrect liquidity operations for contract users as the contract may overflow the liquidity value during both minting and removal processes.

Root Cause

In both the ISolidlyV3Pool(pool).mint and ISolidlyV3Pool(pool).burnAndCollect function calls in contract SolidlyV3AMO, the casting of liquidity from uint256 to uint128 can lead to overflow if the value exceeds uint128's maximum limit.

https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/SolidlyV3AMO.sol#L190-L198

https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/SolidlyV3AMO.sol#L230-L245

Internal pre-conditions

  1. The liquidity parameter is set to a value greater than type(uint128).max.
  2. The contract lacks validation to ensure liquidity is within the uint128 range before casting.

External pre-conditions

None

Attack Path

  1. A function that includes either the mint or burnAndCollect operation is called with an excessively large liquidity value.
  2. The liquidity value is cast to uint128, resulting in overflow and a smaller, incorrect value being used in the operation process.

Impact

The contract users suffer an approximate loss of liquidity accuracy. The intended liquidity is not correctly added to or removed from the pool, potentially leading to financial discrepancies and reduced functionality.

PoC

Mitigation

Implement a validation check before casting to ensure liquidity does not exceed uint128's maximum value. Use a statement like

require(liquidity <= type(uint128).max, "Liquidity exceeds uint128 max");

to prevent overflow.

@sherlock-admin2 sherlock-admin2 changed the title Damp Velvet Dachshund - Casting Overflow will Cause Incorrect liquidity Operations lydia_m_t - Casting Overflow will Cause Incorrect liquidity Operations Oct 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant