cergyk - BBCommon::_accrue wrong value is used to prevent overflow #41
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
cergyk
medium
BBCommon::_accrue wrong value is used to prevent overflow
Summary
A mechanism is used in
_accrue
, to prevent overflow in order to avoid Dos on multiple entrypoints of a BigBang market (many external functions call on_accrue
before executing their logic). However the wrong value is used to prevent an overflow, and even though it could be prevented the first time, it should overflow the second one it is calledVulnerability Detail
We can see that the value to be accrued is clamped to type(uint128).max - totalBorrowCap
Which works the first time to avoid an overflow since
totalBorrow.elastic
should be less thantotalBorrowCap
. However iftotalBorrow.elastic
is already bigger thantotalBorrowCap
(due to a previous accrual), this clamping does not prevent overflow.Impact
_accrue
can still revert due to an overflow blocking most of the functions of aBigBang
market.Code Snippet
Tool used
Manual Review
Recommendation
Clamp accrued value to
type(uint128).max - totalBorrow.elastic
insteadThe text was updated successfully, but these errors were encountered: