metaplex - HackMD

# metaplex =============This arithmetic operation may be UNSAFE!================ Found a potential vulnerability at line 123, column 23 in metaplex/program/src/state.rs The add operation may result in overflows: 121| // need to skip ahead by the number of items to the next offset. 122| // Add one byte to cover the boolean at the end of the winning config state. >123| let idx = current_config_offset + skip + 4 + 1; 124| data[idx] = 1; 125| } else { >>>Stack Trace: >>>spl_metaplex::processor::process_instruction::h8267d87f5d69f8a5 [metaplex/program/src/entrypoint.rs:19] >>> spl_metaplex::processor::redeem_bid::process_redeem_bid::hd0edcc61d598d613 [metaplex/program/src/processor.rs:57] >>> spl_metaplex::utils::common_redeem_finish::h0762df45e9d85bd7 [metaplex/program/src/processor/redeem_bid.rs:255] >>> spl_metaplex::state::AuctionManager::set_claimed_and_status::h4dce9f6eee0a71fa [metaplex/program/src/utils.rs:704] =============This arithmetic operation may be UNSAFE!================ Found a potential vulnerability at line 135, column 31 in metaplex/program/src/state.rs The add operation may result in overflows: 133| if winning_config_index == i { 134| // ok we need to target the claimed u8 inside the correct item now. >135| let idx = current_config_offset 136| + 4 137| + winning_config_item_index * MAX_WINNING_CONFIG_STATE_ITEM_SIZE >>>Stack Trace: >>>spl_metaplex::processor::process_instruction::h8267d87f5d69f8a5 [metaplex/program/src/entrypoint.rs:19] >>> spl_metaplex::processor::redeem_bid::process_redeem_bid::hd0edcc61d598d613 [metaplex/program/src/processor.rs:57] >>> spl_metaplex::utils::common_redeem_finish::h0762df45e9d85bd7 [metaplex/program/src/processor/redeem_bid.rs:255] >>> spl_metaplex::state::AuctionManager::set_claimed_and_status::h4dce9f6eee0a71fa [metaplex/program/src/utils.rs:704] =============This arithmetic operation may be UNSAFE!================ Found a potential vulnerability at line 146, column 45 in metaplex/program/src/state.rs The add operation may result in overflows: 144| // need to skip ahead by the number of items to the next offset. 145| // Add one byte to cover the boolean at the end of the winning config state. >146| current_config_offset = current_config_offset + 4 + skip + 1; 147| } 148| } >>>Stack Trace: >>>spl_metaplex::processor::process_instruction::h8267d87f5d69f8a5 [metaplex/program/src/entrypoint.rs:19] >>> spl_metaplex::processor::redeem_bid::process_redeem_bid::hd0edcc61d598d613 [metaplex/program/src/processor.rs:57] >>> spl_metaplex::utils::common_redeem_finish::h0762df45e9d85bd7 [metaplex/program/src/processor/redeem_bid.rs:255] >>> spl_metaplex::state::AuctionManager::set_claimed_and_status::h4dce9f6eee0a71fa [metaplex/program/src/utils.rs:704] =============This arithmetic operation may be UNSAFE!================ Found a potential vulnerability at line 306, column 25 in metaplex/program/src/processor/redeem_printing_v2_bid.rs The add operation may result in overflows: 304| 305| if n < winning_index { >306| edition_offset_min += matching 307| } 308| if prize_tracking_ticket_info.data_is_empty() { >>>Stack Trace: >>>spl_metaplex::processor::process_instruction::h8267d87f5d69f8a5 [metaplex/program/src/entrypoint.rs:19] >>> spl_metaplex::processor::redeem_printing_v2_bid::process_redeem_printing_v2_bid::hfac28d055c012b82 [metaplex/program/src/processor.rs:105] =============This arithmetic operation may be UNSAFE!================ Found a potential vulnerability at line 309, column 25 in metaplex/program/src/processor/redeem_printing_v2_bid.rs The add operation may result in overflows: 307| } 308| if prize_tracking_ticket_info.data_is_empty() { >309| expected_redemptions += matching 310| } else if n >= winning_index { 311| // no need to keep using this loop more than winning_index if we're not >>>Stack Trace: >>>spl_metaplex::processor::process_instruction::h8267d87f5d69f8a5 [metaplex/program/src/entrypoint.rs:19] >>> spl_metaplex::processor::redeem_printing_v2_bid::process_redeem_printing_v2_bid::hfac28d055c012b82 [metaplex/program/src/processor.rs:105] =============This arithmetic operation may be UNSAFE!================ Found a potential vulnerability at line 317, column 42 in metaplex/program/src/processor/redeem_printing_v2_bid.rs The add operation may result in overflows: 315| } 316| >317| let edition_offset_max = edition_offset_min 318| + count_item_amount_by_safety_deposit_order( 319| &auction_manager.settings.winning_configs[winning_index].items, >>>Stack Trace: >>>spl_metaplex::processor::process_instruction::h8267d87f5d69f8a5 [metaplex/program/src/entrypoint.rs:19] >>> spl_metaplex::processor::redeem_printing_v2_bid::process_redeem_printing_v2_bid::hfac28d055c012b82 [metaplex/program/src/processor.rs:105] https://github.com/metaplex-foundation/metaplex/issues/943 https://medium.com/coinmonks/understanding-arithmetic-overflow-underflows-in-rust-and-solana-smart-contracts-9f3c9802dc45