Dazzling Metal Hippo
Medium
The FullMath library, originally designed for Solidity <0.8.0 in Uniswap V3, has been modified to work with Solidity >=0.8.0 in the Teller protocol. However, this modification does not handle the library's reliance on "phantom overflow" effectively. As a result, the library fails when intermediate calculations exceed the 256-bit limit, causing execution to revert.
The Uniswap V3's FullMath.sol library was originally designed to allow intermediate overflows during multiplication and division operations, referred to as "phantom overflow." The library was designed for Solidity <0.8.0, relying on the absence of built-in overflow checks.
However, the version of the FullMath.sol library ported to Teller protocol has been compiled with Solidity >=0.8.0, which introduces built-in overflow/underflow protection.
The library is used in Teller’s UniswapPricingLibrary.sol and plays a critical role in price calculations. Since Solidity >=0.8.0 automatically reverts on arithmetic overflow, the affected operations within the FullMath library fail when intermediate values exceed 256 bits.
As a result, multiplication and division operations that rely on the expected intermediate overflows now revert, breaking the intended functionality of the library.
Although FullMath itself is an out-of-scope library, its use in an in-scope contract (UniswapPricingLibrary.sol) makes this issue valid under the following Sherlock rule:
"In case the vulnerability exists in a library and an in-scope contract uses it and is affected by this bug, this is a valid issue."
Similar Past Issue on Sherlock: UXD_01_2023
The correct result isn't returned in this case and the execution gets reverted when a phantom overflows occurs.
The affected FullMath library should be updated to the latest version that explicitly handles overflows using unchecked blocks.
Modified version of FullMath designed for Solidity >=0.8.0 is available in the Uniswap v3-core repository (0.8 branch).