Last updated
Submitted on Mon Jul 15 2024 20:37:02 GMT-0400 (Atlantic Standard Time) by @Blockian for
Report ID: #33242
Report type: Smart Contract
Report severity: High
Target: https://github.com/FuelLabs/sway-libs/tree/0f47d33d6e5da25f782fc117d4be15b7b12d291b
Impacts:
Incorrect math
Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield
The current implementation of the multiply and divide functions in sway-libs for the signed Fixed Point numbers is flawed. Specifically, the implementation always returns a positive number, even when a negative result is expected.
The multiply function from the IFP64 implementation is as follows:
Similarly, the divide function is implemented as:
In both functions, when determining the value of non_negative, the code incorrectly compares self with self instead of self with other or divisor. This results in non_negative always being set to true, regardless of the values being operated on.
NOTE: This error affects all IFP types.
This issue affects every implementation of signed fixed point numbers in the Fuel ecosystem. Any project utilizing these implementations will encounter incorrect calculations.
In the crypto space, even minor errors, like off by one, can lead to substantial financial losses, underscoring the critical nature of this bug.
Compare self and other in multiply and self and divisor in divide
By correctly comparing self with other or divisor, the functions will properly set the non_negative value, ensuring accurate results.
Run the POC's with forc test
