Lines of code
<https://github.com/code-423n4/2022-06-nibbl/blob/8c3dbd6adf350f35c58b31723d42117765644110/contracts/Twav/Twav.sol#L40>
Contract will break when cumulativeValuation overflows.
Cumulative prices are designed to work with overflows/underflows because in the end the difference is important.
In _updateTwav(), when _prevCumulativeValuation + (_valuation * _timeElapsed) overflows, the contract will not work anymore.

```solidity
twavObservations[twavObservationsIndex] = TwavObservation(_blockTimestamp, _prevCumulativeValuation + (_valuation * _timeElapsed)); //add the previous observation to make it cumulative @audit overflow breaks the contract
```

Same problem in _getTwav():

```solidity
_twav = (_twavObservationCurrent.cumulativeValuation - _twavObservationPrev.cumulativeValuation) / (_twavObservationCurrent.timestamp - _twavObservationPrev.timestamp); // @audit same overflow breaks the contract
}
```
code-423n4/2022-04-phuture-findings#62
Add the unchecked keyword on every line where you add / subtract cumulative prices.
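The behaviour this report describes, as an added example that is not part of the original report and is not the Nibbl contract: a checked accumulator update reverts at the overflow point, while the same update and the later subtraction inside `unchecked` wrap modulo 2**256 and still give the right average. The contract name, function names, field types and starting values are assumptions chosen for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added illustration only. Names, the uint32/uint256 field types and the
// starting values are assumptions, not taken from the audited code.
contract CumulativeWrapDemo {
    struct Observation {
        uint32 timestamp;
        uint256 cumulative;
    }

    Observation public prev;
    Observation public curr;

    // Start close to the top of the range so the next update crosses
    // type(uint256).max.
    constructor() {
        curr = Observation(1000, type(uint256).max - 50);
    }

    // Checked arithmetic (the 0.8 default): reverts with Panic(0x11) once
    // cumulative + valuation * elapsed exceeds type(uint256).max.
    function updateChecked(uint256 valuation, uint32 nowTs) external {
        uint32 elapsed = nowTs - curr.timestamp;
        prev = curr;
        curr = Observation(nowTs, curr.cumulative + valuation * elapsed);
    }

    // Wrapping arithmetic: the accumulator wraps modulo 2**256 and the
    // update keeps succeeding.
    function updateUnchecked(uint256 valuation, uint32 nowTs) external {
        uint256 next;
        unchecked {
            uint32 elapsed = nowTs - curr.timestamp;
            next = curr.cumulative + valuation * elapsed;
        }
        prev = curr;
        curr = Observation(nowTs, next);
    }

    // The subtraction is also modulo 2**256, so the difference equals
    // valuation * elapsed even when curr.cumulative < prev.cumulative,
    // provided valuation * elapsed itself fits in 256 bits.
    function twav() external view returns (uint256 result) {
        unchecked {
            result = (curr.cumulative - prev.cumulative) / (curr.timestamp - prev.timestamp);
        }
    }
}
```

With the constructed starting state, `updateChecked(10, 1010)` reverts, whereas `updateUnchecked(10, 1010)` stores a wrapped cumulative value of 49 and `twav()` then returns 10.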