search
Active Boosts

Boost _ Folks Finance 34169 - [Smart Contract - Low] Potential revert in PythNode library due to inc

Submitted on Tue Aug 06 2024 04:44:59 GMT-0400 (Atlantic Standard Time) by @nnez for Boost | Folks Financearrow-up-right

Report ID: #34169

Report type: Smart Contract

Report severity: Low

Target: https://testnet.snowtrace.io/address/0xA758c321DF6Cd949A8E074B22362a4366DB1b725

Impacts:

  • Contract fails to deliver promised returns, but doesn't lose value

hashtag
Description

hashtag
Description

In the PythNode library's process function, there's a potential issue with the price calculation logic when dealing with negative exponents from Pyth price feeds. The function attempts to convert a potentially negative int256 value to uint256 using the SafeCast.toUint256() method, which will always revert for negative inputs.

See: https://github.com/Folks-Finance/folks-finance-xchain-contracts/blob/main/contracts/oracle/nodes/PythNode.sol

uint256 price = factor > 0
    ? pythData.price.toUint256() * (10 ** factor.toUint256())
    : pythData.price.toUint256() / (10 ** factor.toUint256());

When factor is negative, the second branch is executed, attempting to convert factor to uint256. This conversion will invariably fail for negative values, causing the transaction to revert.

See: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/math/SafeCast.sol#L567-L579

Note: PythNode library is a part of NodeManager.sol (in-scope asset).

hashtag
Impact

The impact of this issue is that it will cause a revert in the process function when dealing with price feeds that result in a negative factor.

hashtag
Rationale for Severity

The severity of this issue is considered Low for the following reasons:

  1. This branch might be unreachable in the first place as it requires < -18 exponent return from a Pyth node, which is currently non-existent.

  2. The affected price feeds might not be integrated with the protocol.

Despite the two reasons mentioned, it's still a techically valid bug and should be fixed.

hashtag
Proof of concept

hashtag
Proof-of-Concept

hashtag
Requirement

  • chisel 0.2.0 (3ae4f50 2024-07-07T00:21:48.451168337Z)

hashtag
Steps

  1. Run git clone https://github.com/Folks-Finance/folks-finance-xchain-contracts.git

  2. Run cd folks-finance-xchain-contracts

  3. Run chisel inside the directory

  4. Run below code, line by line in the REPL

  1. Observe that it reverts when trying to convert factor to uint256

PreviousBoost _ Folks Finance 34161 - [Smart Contract - Medium] Denial of Service via Front-Running in LoanNextBoost _ Folks Finance 34174 - [Smart Contract - Low] Bug in liquidation logic leads to stealing fund

Last updated

Was this helpful?