Potential Overflow/Underflow errors

[code423n4]

Lines of code

https://github.com/code-423n4/2023-01-biconomy/blob/5df2e8f8c0fd3393b9ecdad9ef356955f07fbbdd/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L224-L245

Vulnerability details

Vulnerability details

When using mathematical operations throughout the codebase, it is visible that there is no use of the SafeMath library by Openzeppelin. The SafeMath library helps in mitigating overflow and underflow attacks. There is a potential that the variables may be hacked and cause the attack.

Lines of code

https://github.com/code-423n4/2023-01-biconomy/blob/5df2e8f8c0fd3393b9ecdad9ef356955f07fbbdd/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L224-L245

Note: This is just a singular example, please make sure to use the prevention technique for anything that involves mathematical operations especially addition and subtraction.

Impact

An overflow error occurs when a computation produces a result larger than the memory space allocated to store it. An underflow error occurs when a computation produces a result smaller than the minimum value that can be stored in the memory space allocated for it.

Both overflow and underflow errors can be harmful to Solidity smart contracts because they can produce incorrect results, which can have unintended consequences. For example, consider a smart contract that is designed to manage a fund that is shared among multiple users. If an overflow error occurs during a computation that is supposed to determine how much of the fund each user is entitled to, the contract may incorrectly assign a larger share of the fund to some users at the expense of others. This could lead to disputes and potentially even legal action.

Similarly, an underflow error could cause a smart contract to incorrectly assign a smaller share of the fund to some users, leading to the same types of problems.

Proof of Concept

To give a more concrete example, consider the following Solidity code:

uint256 a = 100;
uint256 b = 200;
uint256 c = a + b;

If a and b are both less than 2^256 / 2, the value of c will be the correct result of the addition. However, if either a or b is greater than 2^256 / 2, an overflow error will occur and the value of c will not be correct. This could have serious consequences if the value of c is being used to make important decisions within the contract.

The following would be an overflow:

uint256 a = 115792089237316195423570985008687907853269984665640564039457584007913129639935;  // max uint256 integer
uint256 b = 200;
uint256 c = a + b;

And the following would be an underflow:

uint256 a = 100;  
uint256 b = 0; // lowest uint256 integer
uint256 c = a - b;

In general, it is important to be aware of the potential for overflow and underflow errors when writing Solidity code and to take steps to prevent them. This may include using a data type with a larger memory size to store values or adding explicit checks to ensure that values do not exceed the maximum or minimum allowed range.

Tools Used

None

Recommended Mitigation Steps

• Use SafeMath library by simply importing it into all the contracts that have mathematical operations
  import "@openzeppelin/contracts-ethereum-package/contracts/math/SafeMath.sol";
  More details about SafeMath can be found here

[c4-judge]

gzeon-c4 marked the issue as unsatisfactory:
Insufficient proof

[livingrockrises]

we don't need safemath for solidity versions ^0.8.0

[c4-sponsor]

livingrockrises marked the issue as sponsor disputed

[livingrockrises]

#373 and #107 are not duplicates of this issue.

[c4-sponsor]

livingrockrises requested judge review