search
Active Boosts

Attackathon _ Fuel Network 33303 - [Smart Contract - Medium] Incorrect sign change

Submitted on Wed Jul 17 2024 10:37:38 GMT-0400 (Atlantic Standard Time) by @shadowHunter for Attackathon | Fuel Networkarrow-up-right

Report ID: #33303

Report type: Smart Contract

Report severity: Medium

Target: https://github.com/FuelLabs/sway-libs/tree/0f47d33d6e5da25f782fc117d4be15b7b12d291b

Impacts:

  • Compiler bug

hashtag
Description

This is a compiler bug since resulting value 0 sign is changed to negative. This library are meant to be used by third party apps as mentioned by Fuel team in github page

hashtag
Brief/Intro

It seems that if you are adding same number with different sign then resulting 0 sign is changed which is not correct

hashtag
Vulnerability Details

  1. If add is called using number 3 and -3 then result should be 0 with positive sign

  2. But since 3>3 is false so condition move to else condition which changes the sign even though it was not required

  1. Ideally the condition should be if self.underlying >= other.underlying

hashtag
Impact Details

Result will be with incorrect sign

hashtag
References

https://github.com/FuelLabs/sway-libs/blob/2a869c583d2ab9fbe8de17a3301d928b224062c7/libs/src/fixed_point/ifp64.sw#L239C13-L244C14

hashtag
Proof of concept

hashtag
Proof of Concept

PreviousAttackathon _ Fuel Network 33302 - [Smart Contract - Medium] Exp function does not work correctlyNextAttackathon _ Fuel Network 33331 - [Smart Contract - High] Overflow in Types Less Than u

Last updated

Was this helpful?