Category: Coding Mistakes

Faulty implementation of comparison function

Medium Severity
Medium Impact
Low Likelihood

Description

The are_equal function in time_series.utils incorrectly assumes that the is_nn function checks if the argument is negative. According to the documentation, however, this function checks if the argument is non-negative. This leads to an incorrect implementation, causing the are_equal function to return bogus values.

func are_equal{range_check_ptr}(num1: felt, num2: felt) -> (_are_equal: Bool) {
    alloc_locals;
    let is_neg1 = is_nn(num1 - num2);
    let is_neg2 = is_nn(num2 - num1);
    let _are_equal = is_nn(is_neg1 + is_neg2 - 1);
    return (_are_equal,);
}

As an example, the are_equal function will have the following trace when run with arguments (3, 4), wrongly returning that the numbers are equal:

is_neg1 = is_nn(3 - 4) => is_nn(-1) => 0
is_neg2 = is_nn(4 - 3) => is_nn(1) => 1
_are_equal = is_nn(0 + 1 - 1) => is_nn(0) => 1

Impact

The faulty are_equal function is used as a helper function by other statistical calculation functions under time_series/, which could lead to incorrect results.

Recommendations

Rewrite the code according to the correct specification of the is_nn function: It returns 1 when the argument is non-negative.

Write more unit tests for individual library functions to catch any incorrect implementations and edge cases that might not show up in an integration test.
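
The unit-test recommendation above, sketched as an added example (not code from the audited project or from this report): a Python model of is_nn over felts, a port of the faulty are_equal, and a pairwise sweep that flags every disagreement with true equality. It assumes the Cairo 0 semantics of is_nn (1 when 0 <= a < 2^128 modulo the StarkNet field prime); are_equal_fixed is one hypothetical correction, and SAMPLE is constructed.

```python
# Added illustration: a Python model of Cairo 0 felt arithmetic, not project code.
P = 2**251 + 17 * 2**192 + 1   # StarkNet field prime (felt modulus)
RANGE_CHECK_BOUND = 2**128     # is_nn accepts 0 <= a < 2**128


def is_nn(a: int) -> int:
    """Model of is_nn: 1 if the felt a is non-negative (in range), else 0."""
    return 1 if 0 <= a % P < RANGE_CHECK_BOUND else 0


def are_equal_buggy(num1: int, num2: int) -> int:
    """Port of the faulty function: treats is_nn as an 'is negative' check."""
    is_neg1 = is_nn(num1 - num2)
    is_neg2 = is_nn(num2 - num1)
    return is_nn(is_neg1 + is_neg2 - 1)


def are_equal_fixed(num1: int, num2: int) -> int:
    """Hypothetical correction: equal only if both differences are non-negative."""
    ge = is_nn(num1 - num2)   # 1 when num1 >= num2
    le = is_nn(num2 - num1)   # 1 when num2 >= num1
    return is_nn(ge + le - 2)  # 0 only when ge == le == 1


def mismatches(fn, values):
    """Return every (a, b) pair where fn disagrees with true felt equality."""
    return [(a, b) for a in values for b in values
            if fn(a, b) != int(a % P == b % P)]


# Constructed sample: negatives, zero, neighbours and large in-range values.
SAMPLE = [-3, -1, 0, 1, 3, 4, 2**64, 2**127]

if __name__ == "__main__":
    bad = mismatches(are_equal_buggy, SAMPLE)
    print(f"buggy: {len(bad)} wrong pairs, e.g. {bad[:3]}")
    print(f"fixed: {len(mismatches(are_equal_fixed, SAMPLE))} wrong pairs")
```

On this sample the faulty version reports every pair as equal, which a per-function unit test of this kind surfaces immediately.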

Remediation

The issue was addressed in a later update.

Zellic © 2024