Description

The Uniswap code explicitly allows arithmetic overflows in the _update function. Arithmetic overflows are allowed when calculating the new value of the price0CumulativeLast and price1CumulativeLast accumulator variables.

Since Facet Swap code targets a modern version of Solidity, which uses checked arithmetic operations by default, the _update function does not allow arithmetic overflows and behaves differently from the UniswapV2 code.

Impact

Without allowing overflows, all pair contracts will eventually reach a state of permanent denial of service, since the price0CumulativeLast and price1CumulativeLast variables only ever increase.

When their value grows to a point where any attempt to update them causes an overflow, all functions of the contract that directly or indirectly invoke _update will revert.

The DOS can be recovered by upgrading the contracts.

Recommendations

Allow the specific arithmetic operations intended by the UniswapV2 to overflow silently by using unchecked blocks.

Remediation

This issue has been acknowledged by 0xFacet, and a fix was implemented in commit 47318a0b↗.