Lines of code
<https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/libs/FixedMath.sol#L46&gt;
<https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/libs/FixedMath.sol#L22&gt;

Vulnerability details

Impact

functions in FixedMath.sol directly converting uint256 arguments to int256 which may overflow or return unexpected values

Proof of Concept

functions in FixedMath.sol like uintDiv() , uintMul() , toFixed() directly converting its arguments from uint256 to int256 without checking uint256 n < max(int256). as max(uint256) is 2^256-1 and max(int256) is 2^255-1 it is necessary to check for above limits to avoid overflow or unexpected values

also mentioned in oz docs ref:link

toInt256(uint256 value) → int256
internal
Converts an unsigned uint256 into a signed int256.

Requirements:

input must be less than or equal to maxInt256.

Available since v3.0.

Tools Used

Manual Review

Assessed type

Under/Overflow

The text was updated successfully, but these errors were encountered:

All reactions