low

Reward

Total

455.95 USDC

Selected
455.95 USDC
Selected Submission

[M-01] Compiler fails to revert if a negative integer is passed as a uint datatype.

Severity

Medium Risk

Relevant GitHub Links

https://github.com/vyperlang/vyper/tree/v0.3.10rc3/vyper

Vulnerability Details

The compiler's type checker for built-ins is incorrect: it accepts a negative integer as the value argument of uint2str. This is a severe issue that can go unnoticed by Vyper developers.

As the Vyper compiler documentation lays out:

uint2str(value: unsigned integer) → String

Returns an unsigned integer’s string representation.
- value: Unsigned integer to convert.
- Returns the string representation of value.

A code snippet where the compiler fails to revert is provided below:

@external
def testFoobar():
    a: String[78] = uint2str(-12)
    pass

On compilation, this returns:

0x61007761000f6000396100776000f36003361161000c57610062565b5f3560e01c346100665763f8a8fd6d811861006057600360c0527f2d3130000000000000000000000000000000000000000000000000000000000060e05260c0805160208201805160605250806040525050005b505b5f5ffd5b5f80fda165767970657283000309000b
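
To read what the compiler emitted, the following added example (not part of the original submission or of the Vyper project) walks the opcodes of the bytecode printed above and decodes each PUSH32 operand as zero-padded ASCII. The function names are this example's own; for this bytecode the only such constant decodes to the 3-byte string "-10", a negative decimal string stored as a compile-time constant.

```python
# Added example: inspect the creation bytecode quoted in the report.
# The hex is split into pieces for readability and concatenated unchanged.
BYTECODE = (
    "0x"
    + "61007761000f6000396100776000f3"
    + "6003361161000c57610062565b5f3560e01c346100665763f8a8fd6d"
    + "811861006057600360c0527f"
    + "2d3130" + "00" * 29  # PUSH32 operand: 3 bytes followed by 29 zero bytes
    + "60e05260c0805160208201805160605250806040525050005b505b5f5ffd5b5f80fd"
    + "a165767970657283000309000b"  # trailing bytes (contain ASCII "vyper")
)


def push32_constants(code_hex):
    """Linear sweep over the opcodes; return every PUSH32 operand as bytes.

    A linear sweep can misread embedded data as opcodes in general; for this
    short contract the instruction stream is contiguous, so it stays in sync.
    """
    raw = code_hex[2:] if code_hex.startswith("0x") else code_hex
    code = bytes.fromhex(raw)
    words, pc = [], 0
    while pc < len(code):
        op = code[pc]
        # PUSH1 (0x60) .. PUSH32 (0x7f) carry 1..32 operand bytes; PUSH0 (0x5f) carries none.
        size = op - 0x5F if 0x60 <= op <= 0x7F else 0
        if size == 32:
            words.append(code[pc + 1 : pc + 33])
        pc += 1 + size
    return words


def inline_strings(code_hex):
    """Decode PUSH32 operands that are printable ASCII padded with zero bytes."""
    out = []
    for word in push32_constants(code_hex):
        text = word.rstrip(b"\x00")
        if text and all(0x20 <= b < 0x7F for b in text):
            out.append(text.decode("ascii"))
    return out


def negative_decimal_strings(code_hex):
    """Return inline strings of the form '-<digits>'."""
    return [s for s in inline_strings(code_hex) if s[0] == "-" and s[1:].isdigit()]


if __name__ == "__main__":
    print(inline_strings(BYTECODE))
```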

Impact

Misleads developers and results in an unexpected underflow.

Tools Used

Manual Review

Recommendations

Add a check to the Vyper compiler that rejects a negative integer passed as the uint2str parameter; this should fix the issue.