Attackathon _ Fuel Network 33168 - [Smart Contract - High] Incorrect Sign Determination In Multiply
Last updated
Was this helpful?
Last updated
Was this helpful?
Submitted on Sat Jul 13 2024 08:16:13 GMT-0400 (Atlantic Standard Time) by @Minato7namikazi for
Report ID: #33168
Report type: Smart Contract
Report severity: High
Target: https://github.com/FuelLabs/sway-libs/tree/0f47d33d6e5da25f782fc117d4be15b7b12d291b
Impacts:
Permanent freezing of funds
During my audit of the IFP (signed fixed-point number) implementations in the sway-libs , this vulnerability were identified. This could lead to incorrect calculations in smart contracts relying on this implementation and cause massive losses.
Incorrect Sign Determination in Multiply & Division Operations in IFP128
The division operation incorrectly determines the sign of the result. the current implementation uses a logical condition that is always false, resulting in division operations always producing a positive result, regardless of the signs of the operands.
& the condition
(self.non_negative && !self.non_negative) || (!self.non_negative && self.non_negative)
in multiply & divide functions :
is always false because it's checking if a number is both positive and negative at the same time, which is impossible
because this vulnerability can lead to miscalculations in financial operations, and any mathematical computations relying on signed division like
Incorrect token balances and transfers
Potential exploitation in smart contracts dealing with debt, loans, or any negative value representations