Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
Smart contract unable to operate due to lack of token funds
Unbounded gas consumption
Theft of gas
Illegitimate minting of protocol native assets
Description
Description
The ConstantProduct2 contract's calcLpTokenSupply function is vulnerable to an arithmetic overflow due to unchecked multiplication of large reserve values. This flaw can lead to incorrect LP token calculations, potentially resulting in significant financial losses or exploitation.
Brief/Intro
This report outlines a critical vulnerability found in the ConstantProduct2 smart contract, which uses a constant product formula for liquidity pools with two tokens. The vulnerability resides in the calcLpTokenSupply function, where unchecked multiplication of reserve values can cause an overflow, leading to erroneous LP token calculations. This issue poses a severe threat to the integrity of the protocol, allowing for potential theft or misallocation of user funds.
Reason for Vulnerability:
The function calculates the LP token supply by taking the square root of the product of two reserves multiplied by a precision constant. When reserves are set to large values, the multiplication can exceed the maximum limit of uint256, resulting in an overflow and erroneous calculations.
Impact
The vulnerability allows an attacker or malicious user to manipulate the calculation of LP token supply, potentially resulting in:
Incorrect LP Token Distribution:
Misallocation of LP tokens due to overflow errors.
Financial Exploitation:
Unauthorized minting or theft of funds.
Protocol Disruption:
Disruption in the operation of liquidity pools due to incorrect calculations.
Risk Breakdown
Severity: Critical
CVSS Score: 9.8 (Critical)
Affected Users:
All users interacting with liquidity pools utilizing this smart contract.
Recommendation:
To mitigate this vulnerability, the contract should implement overflow protection using safe arithmetic operations. A recommended approach is to use OpenZeppelin’s SafeMath library or similar to ensure safe multiplication before taking the square root.
Example Mitigation:
function calcLpTokenSupply(
uint256[] calldata reserves,
bytes calldata
) external pure override returns (uint256 lpTokenSupply) {
// Use SafeMath to prevent overflow
uint256 product = SafeMath.mul(reserves[0], reserves[1]);
product = SafeMath.mul(product, EXP_PRECISION);
lpTokenSupply = product.sqrt();
}
contract ExploitPoCTest is Test {
ConstantProduct2 constantProduct;
ExploitPoC exploit;
function setUp() public {
constantProduct = new ConstantProduct2();
exploit = new ExploitPoC(address(constantProduct));
}
function testOverflow() public {
// Expect a revert due to overflow
vm.expectRevert();
exploit.testOverflow();
}
}
Immunefi Response
Unfortunately, after reviewing your report, Immunefi has decided to close it as it does not meet our project requirements.
Your submission falls under one of the following categories:
Non-Vulnerability Issues: These include issues such as typos, layout issues, and other non-security-related problems that do not pose any security threat.
Spam Issues: These include reports that are intended to advertise a product or service, to mislead users or defame the company, or are irrelevant to the program.
UI/UX Issues: These include issues related to user interface and user experience that do not pose any security threat.