johba/harb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request 'fix: Overflow guard missing for slots 1-7 in both Optimizer.sol and OptimizerV3Push3.sol (#997)' (#1114) from fix/issue-997 into master

Browse source
This commit is contained in:
johba 2026-03-22 13:56:02 +01:00
commit 29b8f7d426
2 changed files with 7 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
onchain/src/Optimizer.sol
View file

@ -361,11 +361,13 @@ contract Optimizer is Initializable, UUPSUpgradeable, IOptimizer {
virtual virtual
returns (uint256 capitalInefficiency, uint256 anchorShare, uint24 anchorWidth, uint256 discoveryDepth) returns (uint256 capitalInefficiency, uint256 anchorShare, uint24 anchorWidth, uint256 discoveryDepth)
{ {
// Guard against non-zero shift and negative mantissa. // Guard against non-zero shift, negative mantissa, and overflow.
// All 8 slots must be in [0, 1e18] the uniform dyadic range.
// shift is reserved for future use; uint256() cast silently wraps negatives. // shift is reserved for future use; uint256() cast silently wraps negatives.
for (uint256 k; k < 8; k++) { for (uint256 k; k < 8; k++) {
require(inputs[k].shift == 0, "shift not yet supported"); require(inputs[k].shift == 0, "shift not yet supported");
require(inputs[k].mantissa >= 0, "negative mantissa"); require(inputs[k].mantissa >= 0, "negative mantissa");
require(inputs[k].mantissa <= 1e18, "mantissa overflow");
} }
// Extract slots 0 and 1 (shift=0 enforced above mantissa IS the value) // Extract slots 0 and 1 (shift=0 enforced above mantissa IS the value)
uint256 percentageStaked = uint256(inputs[0].mantissa); uint256 percentageStaked = uint256(inputs[0].mantissa);

9
onchain/src/OptimizerV3Push3Lib.sol
View file

@ -17,14 +17,13 @@ library OptimizerV3Push3Lib {
pure pure
returns (uint256 ci, uint256 anchorShare, uint24 anchorWidth, uint256 discoveryDepth) returns (uint256 ci, uint256 anchorShare, uint24 anchorWidth, uint256 discoveryDepth)
{ {
// Validate mantissa for percentageStaked // Validate that shift is 0 (future-only field, not yet supported),
require(inputs[0].mantissa <= 1e18, "mantissa overflow"); // that no mantissa is negative (uint256 cast silently wraps negatives),
// and that all slots are within the [0, 1e18] dyadic range.
// Validate that shift is 0 (future-only field, not yet supported)
// and that no mantissa is negative (uint256 cast silently wraps negatives).
for (uint256 k = 0; k < 8; k++) { for (uint256 k = 0; k < 8; k++) {
require(inputs[k].shift == 0, "shift not yet supported"); require(inputs[k].shift == 0, "shift not yet supported");
require(inputs[k].mantissa >= 0, "negative mantissa"); require(inputs[k].mantissa >= 0, "negative mantissa");
require(inputs[k].mantissa <= 1e18, "mantissa overflow");
} }
uint256 percentagestaked = uint256(uint256(inputs[0].mantissa)); uint256 percentagestaked = uint256(uint256(inputs[0].mantissa));