Medium Risk
https://github.com/vyperlang/vyper/tree/v0.3.10rc3/vyper
The compiler's built-in type checker is incorrect: it allows a negative integer to be passed as the value argument of uint2str. This is a severe issue that can go unnoticed by Vyper developers.
As the vyper compiler documentation lays out:
uint2str(value: unsigned integer) → String
Returns an unsigned integer's string representation.
- value: Unsigned integer to convert.
- Returns the string representation of value.
The following snippet is an example where the compiler fails to reject the negative argument:
@external
def testFoobar():
    a: String[78] = uint2str(-12)
    pass
On compilation, this returns:
0x61007761000f6000396100776000f36003361161000c57610062565b5f3560e01c346100665763f8a8fd6d811861006057600360c0527f2d3130000000000000000000000000000000000000000000000000000000000060e05260c0805160208201805160605250806040525050005b505b5f5ffd5b5f80fda165767970657283000309000b
This misleads developers and results in an unexpected underflow.
Manual Review
Adding a check to the Vyper compiler that rejects a negative integer passed as the uint2str parameter should fix this issue.
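Until such a check exists in the compiler, contract source can be linted for the pattern. The following is an added example, not part of the original report and not the Vyper compiler's own code: it flags uint2str calls whose literal argument falls outside the unsigned range. The names fold_int and find_bad_uint2str are hypothetical, and it assumes the contract source parses with Python's ast module, which holds for the snippet above but not for every Vyper construct.

```python
import ast

UINT256_MAX = 2**256 - 1  # largest value any Vyper unsigned integer type can hold

# Constructed sample: the report's snippet plus two extra calls for contrast.
SAMPLE = """\
@external
def testFoobar():
    a: String[78] = uint2str(-12)
    b: String[78] = uint2str(12)
    c: String[78] = uint2str(5 - 17)
"""

def fold_int(node):
    """Return the value of a literal integer expression, or None if not constant."""
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return node.value
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.USub, ast.UAdd)):
        value = fold_int(node.operand)
        if value is None:
            return None
        return -value if isinstance(node.op, ast.USub) else value
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Sub, ast.Mult)):
        left, right = fold_int(node.left), fold_int(node.right)
        if left is None or right is None:
            return None
        if isinstance(node.op, ast.Add):
            return left + right
        return left - right if isinstance(node.op, ast.Sub) else left * right
    return None

def find_bad_uint2str(source):
    """Return sorted (line, value) pairs for uint2str literals outside 0..UINT256_MAX."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "uint2str" and len(node.args) == 1):
            value = fold_int(node.args[0])
            if value is not None and not 0 <= value <= UINT256_MAX:
                findings.append((node.lineno, value))
    return sorted(findings)

if __name__ == "__main__":
    for line, value in find_bad_uint2str(SAMPLE):
        print(f"line {line}: uint2str() called with out-of-range literal {value}")
```

Only literal arguments are checked; a signed variable passed to uint2str is outside what this lint can see and still depends on the compiler's type checker.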