Attackathon _ Fuel Network 33239 - [Smart Contract - Low] Incorrect Implementation of IFP Min Functi
Last updated
Was this helpful?
Last updated
Was this helpful?
Submitted on Mon Jul 15 2024 20:07:46 GMT-0400 (Atlantic Standard Time) by @Blockian for
Report ID: #33239
Report type: Smart Contract
Report severity: Low
Target: https://github.com/FuelLabs/sway-libs/tree/0f47d33d6e5da25f782fc117d4be15b7b12d291b
Impacts:
Contract fails to deliver promised returns, but doesn't lose value
The current implementation of the min function in sway-libs
for the signed Fixed Point numbers is flawed. Instead of returning the smallest number, the min function returns zero.
The min
function from the IFP64
implementation is as follows:
However, this implementation returns -0
, which is not the smallest value within the range of -u32::max
to u32::max
.
NOTE: This error affects all IFP
types.
Relying on the min
function to return the smallest number can lead to incorrect results and potential mistakes for users.
To correct this, the min
function should use the underlying max
function instead of min
:
Run the POC's with forc test