- Reported
- Issued
- Package: cosmwasm-std (crates.io)
- Type: Vulnerability
- Keywords: #overflow #integer #arithmetic
- Aliases
- References
- Patched:
  - >=1.4.4, <1.5.0
  - >=1.5.4, <2.0.0
  - >=2.0.2
- Unaffected
Description
Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations.

Affected functions:
- Uint{256,512}::pow / Int{256,512}::pow
- Int{256,512}::neg

Affected if overflow-checks = true is not set:
- Uint{64,128}::pow / Int{64,128}::pow
- Int{64,128}::neg
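The difference between wrapping and checked behaviour for pow and neg, as an added illustration that is not code from cosmwasm-std or from this advisory. It uses the standard library's u128 and i128 as stand-ins for the affected types; the function names and the MathError type are hypothetical.

```rust
// Added illustration: std integers stand in for the cosmwasm-std types
// named in the advisory. All names below are hypothetical.

#[derive(Debug, PartialEq)]
pub enum MathError {
    Overflow,
}

/// The failure mode described above: pow wraps modulo 2^128 and the
/// caller receives a plausible-looking but wrong number.
pub fn scale_wrapping(amount: u128, decimals: u32) -> u128 {
    amount.wrapping_mul(10u128.wrapping_pow(decimals))
}

/// Defensive form: each step reports overflow instead of wrapping,
/// independent of how the crate was compiled.
pub fn scale_checked(amount: u128, decimals: u32) -> Result<u128, MathError> {
    let factor = 10u128.checked_pow(decimals).ok_or(MathError::Overflow)?;
    amount.checked_mul(factor).ok_or(MathError::Overflow)
}

/// Negation overflows for exactly one input: MIN has no positive
/// counterpart in two's complement, so wrapping returns MIN again.
pub fn negate_checked(delta: i128) -> Result<i128, MathError> {
    delta.checked_neg().ok_or(MathError::Overflow)
}

fn main() {
    // Constructed inputs: 10^38 fits in u128 (max is about 3.4e38), 10^39 does not.
    println!("checked  10^38: {:?}", scale_checked(1, 38));
    println!("checked  10^39: {:?}", scale_checked(1, 39));
    println!("wrapping 10^39: {}", scale_wrapping(1, 39));
    println!("checked  -MIN : {:?}", negate_checked(i128::MIN));
    println!("wrapping -MIN == MIN: {}", i128::MIN.wrapping_neg() == i128::MIN);
}
```

In Cargo, overflow-checks is a profile setting, so the condition above refers to a line such as overflow-checks = true under [profile.release] in Cargo.toml.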
Advisory available under CC0-1.0 license.