Active Boosts

Attackathon _ Fuel Network 33302 - [Smart Contract - Medium] Exp function does not work correctly

Submitted on Wed Jul 17 2024 10:20:43 GMT-0400 (Atlantic Standard Time) by @shadowHunter for Attackathon | Fuel Network

Report ID: #33302

Report type: Smart Contract

Report severity: Medium

Target: https://github.com/FuelLabs/sway-libs/tree/0f47d33d6e5da25f782fc117d4be15b7b12d291b

Impacts:

  • Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)

  • Compiler bug

Description

Brief/Intro

It seems like exp function will always return UFP128::from((1, 0)) no matter what argument is passed. This happens due to mistake in the return variable

-- let res = one;
++ let res = one + _res_minus_1;

Vulnerability Details

  1. Observe the exp function

  1. Observe that res is simply returning one instead of one + _res_minus_1 which will be correct exp

Impact Details

Dapp relying on sway library will find itself with incorrect computation of exp. If the resulting was financial calculation then this will cause fund loss to the dapp user

References

https://github.com/FuelLabs/sway-libs/blob/0f47d33d6e5da25f782fc117d4be15b7b12d291b/libs/src/fixed_point/ufp128.sw#L480

Proof of concept

Proof of Concept

PreviousAttackathon _ Fuel Network 33295 - [Smart Contract - Low] Bug in array decoding can lead to criticalNextAttackathon _ Fuel Network 33303 - [Smart Contract - Medium] Incorrect sign change

Last updated

Was this helpful?