search
Active Boosts

Attackathon _ Fuel Network 33239 - [Smart Contract - Low] Incorrect Implementation of IFP Min Functi

hashtag
Incorrect Implementation of IFP Min Functions

Submitted on Mon Jul 15 2024 20:07:46 GMT-0400 (Atlantic Standard Time) by @Blockian for Attackathon | Fuel Networkarrow-up-right

Report ID: #33239

Report type: Smart Contract

Report severity: Low

Target: https://github.com/FuelLabs/sway-libs/tree/0f47d33d6e5da25f782fc117d4be15b7b12d291b

Impacts:

  • Contract fails to deliver promised returns, but doesn't lose value

hashtag
Description

hashtag
Fuel Network bug report

hashtag
Incorrect Implementation of IFP Min Functions

hashtag
Description

The current implementation of the min function in sway-libs for the signed Fixed Point numbers is flawed. Instead of returning the smallest number, the min function returns zero.

hashtag
Root Cause

The min function from the IFP64 implementation is as follows:

However, this implementation returns -0, which is not the smallest value within the range of -u32::max to u32::max.

NOTE: This error affects all IFP types.

hashtag
Impact

Relying on the min function to return the smallest number can lead to incorrect results and potential mistakes for users.

hashtag
Proposed fix

To correct this, the min function should use the underlying max function instead of min:

hashtag
Proof of concept

hashtag
Proof of Concept

Run the POC's with forc test

PreviousAttackathon _ Fuel Network 33233 - [Smart Contract - Medium] Incorrect Implementation of Unsigned -bNextAttackathon _ Fuel Network 33240 - [Smart Contract - Insight] Incorrect Bitness in IFP Types

Last updated

Was this helpful?