Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

audit(1): Missing min < max check #299

Closed
wants to merge 3 commits into from
Closed

audit(1): Missing min < max check #299

wants to merge 3 commits into from

Conversation

alanhwu
Copy link
Collaborator

@alanhwu alanhwu commented Oct 1, 2024

Require that boundedSub follows the invariant of: min <= max

@alanhwu alanhwu mentioned this pull request Oct 1, 2024
Open
@alanhwu alanhwu linked an issue Oct 1, 2024 that may be closed by this pull request
audit: 1 #284
Open
zhongeric
zhongeric previously approved these changes Oct 1, 2024
View reviewed changes
Copy link
Collaborator

@zhongeric zhongeric left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice! two comments

test/lib/MathExt.t.sol Outdated Show resolved Hide resolved
test/lib/MathExt.t.sol Outdated Show resolved Hide resolved
zhongeric
zhongeric previously approved these changes Oct 2, 2024
View reviewed changes
codyborn
codyborn reviewed Oct 8, 2024
View reviewed changes
src/lib/MathExt.sol
@@ -34,6 +34,7 @@ library MathExt {
/// @param max The maximum bound for the result.
/// @return r The result of the bounded subtraction.
function boundedSub(uint256 a, int256 b, uint256 min, uint256 max) internal pure returns (uint256 r) {
require(min <= max, "MathExt: min must be less than or equal to max");
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if this is better to check in the SDK to save the additional gas.

Copy link
Collaborator

@codyborn codyborn Oct 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we're going to keep it, we should switch to using a custom revert error:
https://www.notion.so/uniswaplabs/Protocols-Research-Team-Homepage-e55da9af622047b5b289b7b63e7d899e?pvs=4#b2048399e4664f6ebb1b6ddbec507a39

@alanhwu alanhwu closed this Oct 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codyborn codyborn codyborn left review comments

@zhongeric zhongeric zhongeric approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

audit: 1
3 participants
@alanhwu @codyborn @zhongeric