Mathematical expressions could produce incorrect values
Description
It was observed in the yield curve Cairo code that calculate_future_spot_yield_point multiplies numbers that have not been given an upper bound. While integer overflow conditions are not strictly limited to multiplication, this is where we're most likely to find valid conditions for overflow behavior.
In calculate_future_spot_yield_point, a call is made to starkware.cairo.common.pow where the exponent is output_decimals + spot_decimals - future_decimals. Based on how this function is called, future_decimals can, at least, be 1. No reasonable upper bound exists for the exponent and pow, internally, performs unchecked multiplication. This means that the following expressions
# Shift future/spot to the left by output_decimals + spot_decimals - future_decimals
let (ratio_multiplier) = pow(10, output_decimals + spot_decimals - future_decimals)
let (shifted_ratio, _) = unsigned_div_rem(
future_entry.value * ratio_multiplier, spot_entry.value
)
can result in integer overflow when performing the pow operation, as the exponent cap is 2^251. Note that this is not 251, but 2 raised to the 251. This will easily overflow the ratio_multiplier, causing the ratio to be an unexpected value.
Impact
Mathematical expressions can miscalculate, causing incorrect spot pricing.
Recommendations
Assert that the exponent passed to pow is less than some amount. Additionally, provide assertions around entry valuation to ensure the provided number is reasonable and not at the limits of what a felt can support.
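The wraparound described above and the recommended bounds, as an added Python model of felt arithmetic (not the audited Cairo code or the project's fix). The 2**128 - 1 entry-value bound, the function names other than pow, and the sample entries are assumptions made for illustration; plain floor division stands in for unsigned_div_rem.

```python
# Added example: a Python model of Cairo felt arithmetic, not the audited code.
P = 2**251 + 17 * 2**192 + 1  # StarkNet field prime; every felt is reduced mod P


def felt_pow(base: int, exp: int) -> int:
    """Repeated multiplication with silent wraparound mod P, like an unchecked pow."""
    return pow(base, exp, P)


def max_safe_exponent(max_value: int) -> int:
    """Largest e for which max_value * 10**e still fits below P without wrapping."""
    e = 0
    while max_value * 10 ** (e + 1) < P:
        e += 1
    return e


def shifted_ratio_unchecked(future_value, spot_value, output_decimals,
                            spot_decimals, future_decimals):
    """Mirrors the expressions in the finding: no bound on exponent or values."""
    exponent = (output_decimals + spot_decimals - future_decimals) % P
    ratio_multiplier = felt_pow(10, exponent)
    return (future_value * ratio_multiplier % P) // spot_value


def shifted_ratio_checked(future_value, spot_value, output_decimals,
                          spot_decimals, future_decimals,
                          max_value=2**128 - 1):  # assumed entry-value bound
    """Same computation, rejecting inputs that could wrap (hypothetical bounds)."""
    if not (0 < spot_value <= max_value and 0 <= future_value <= max_value):
        raise ValueError("entry value outside the accepted range")
    # A negative decimals sum wraps to a huge felt, so it is rejected here too.
    exponent = (output_decimals + spot_decimals - future_decimals) % P
    if exponent > max_safe_exponent(max_value):
        raise ValueError("exponent too large: value * 10**exponent could wrap")
    return future_value * 10**exponent // spot_value


# Constructed sample entries: an 18-decimal future at 105 and spot at 100.
FUTURE, SPOT = 105 * 10**18, 100 * 10**18
```

With 128-bit entry values the largest exponent that cannot wrap is 37; with no bound on the values, 10**76 alone already exceeds the field prime.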
Remediation
The issue was addressed in a later update.