code423n4 | Code4rena | CODE423N4:2023-08-POOLTOGETHER-FINDINGS-ISSUES-124
Aug 07, 2023 - 12:00 a.m.

Integer underflow/overflow is possible in some of the timestamp calculations if sequenceOffset or auctionDuration are set maliciously


Lines of code

Vulnerability details

Impact

An attacker could exploit this to make _auctionElapsedTime return a low value when it should be high, thereby manipulating the reward calculation.

Proof of Concept

The vulnerability comes from the subtraction (currentTime - sequenceOffset) which could underflow if sequenceOffset is maliciously set to a very large value greater than currentTime.

For example:

currentTime = 100
sequenceOffset = 200
Then currentTime - sequenceOffset will underflow to a very large number close to 2^64.

This can then cause the modulo % sequencePeriod to return an incorrect elapsed time.

Tools Used

Manual

Recommended Mitigation Steps

Add an explicit check for underflow before doing the subtraction.

Assessed type

Other
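
One way to implement the recommended check, shown next to the unguarded subtraction the report describes. This is an added example, not the PoolTogether code: the contract name, the error names and the bound on auctionDuration are assumptions, and only the variable names follow the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical contract for illustration; only the variable names come from the report.
contract GuardedAuctionClock {
    error SequencePeriodZero();
    error AuctionDurationOutOfRange(uint64 auctionDuration, uint64 sequencePeriod);
    error SequenceNotStarted(uint64 currentTime, uint64 sequenceOffset);

    uint64 public immutable sequencePeriod;
    uint64 public immutable sequenceOffset;
    uint64 public immutable auctionDuration;

    constructor(uint64 sequencePeriod_, uint64 sequenceOffset_, uint64 auctionDuration_) {
        // A zero period would make the modulo below panic on every call.
        if (sequencePeriod_ == 0) revert SequencePeriodZero();
        // Assumed bound: an auction has to fit inside one sequence period.
        if (auctionDuration_ == 0 || auctionDuration_ > sequencePeriod_) {
            revert AuctionDurationOutOfRange(auctionDuration_, sequencePeriod_);
        }
        sequencePeriod = sequencePeriod_;
        sequenceOffset = sequenceOffset_;
        auctionDuration = auctionDuration_;
    }

    function _currentTime() internal view returns (uint64) {
        return uint64(block.timestamp);
    }

    /// Unguarded subtraction, kept for comparison. Inside `unchecked` the result
    /// wraps modulo 2^64 when sequenceOffset > currentTime; with checked arithmetic
    /// (the compiler default from 0.8.0) the same expression reverts with Panic(0x11).
    function elapsedUnguarded() external view returns (uint64) {
        unchecked {
            return (_currentTime() - sequenceOffset) % sequencePeriod;
        }
    }

    /// Guarded form: reject the call with a descriptive error before subtracting.
    function auctionElapsedTime() external view returns (uint64) {
        uint64 currentTime = _currentTime();
        if (currentTime < sequenceOffset) {
            revert SequenceNotStarted(currentTime, sequenceOffset);
        }
        return (currentTime - sequenceOffset) % sequencePeriod;
    }
}
```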

