search
Active Boosts

Attackathon _ Fuel Network 32786 - [Smart Contract - Low] incorrect set of i bits to which it should

Submitted on Tue Jul 02 2024 13:13:27 GMT-0400 (Atlantic Standard Time) by @zeroK for Attackathon | Fuel Networkarrow-up-right

Report ID: #32786

Report type: Smart Contract

Report severity: Low

Target: https://github.com/FuelLabs/sway-libs/tree/0f47d33d6e5da25f782fc117d4be15b7b12d291b

Impacts:

  • Contract fails to deliver promised returns, but doesn't lose value

hashtag
Description

hashtag
Brief/Intro

the i256 is used to create/refer to signed value for u256 while sway can not handle negative value, however the bits function return incorrect bit value which is 128 bits, this is not true as i128 return 128 bits and i256 should return 256 bits same as shown in the sway-core/primitives.sw std.

hashtag
Vulnerability Details

the bits sets to 128 for i256 as shown below:

impl I256 {
    /// The size of this type in bits.
    ///
    /// # Returns
    ///
    /// [u64] - The defined size of the `I256` type.
    ///
    /// # Examples
    ///
    /// ``sway
    /// use sway_libs::signed_integers::i256::I256;
    ///
    /// fn foo() {
    ///     let bits = I256::bits();
    ///     assert(bits == 128);
    /// }
    /// ```
    pub fn bits() -> u64 {
        128
    }

but this is not true as i128 return 128 bits too:

while in the primitives its clear that u256 should return 256 bit:

hashtag
Impact Details

the i256.sw bit function return incorrect bit number.

hashtag
References

return 256 bit in the bit function for i256.sw lib

hashtag
Proof of concept

hashtag
Proof of Concept

run the test right below the bit function in i256.sw:

PreviousAttackathon _ Fuel Network 32768 - [Blockchain_DLT - Medium] WDCM and WQCM doesnt respect the fuel-sNextAttackathon _ Fuel Network 32812 - [Smart Contract - Low] Sway-libSRC- Buffer overflow in swap_confi

Last updated

Was this helpful?