Full Sail | Notion

Price Range Validation

Severity: low

Likelihood: low

Impact: Critical

Description

The get_next_sqrt_price_a_up and get_next_sqrt_price_a_down functions in the CLMM pool implementation was accepting input prices without proper validation against the maximum allowed price boundary (79226673515401279992447579055). This could lead to:

An attacker could input a price value above the maximum allowed threshold
The invalid price could propagate through the system
Could affect liquidity calculations and token swap ratios
May cause unexpected behavior in dependent functions

Vulnerable code

public fun get_next_sqrt_price_a_up(sqrt_price: u128, liquidity: u128, amount: u64, add: bool): u128 {

if (amount == 0) {

return sqrt_price // No validation before return

};

// ... rest of function

}

public fun get_next_sqrt_price_a_down(sqrt_price: u128, liquidity: u128, amount: u64, add: bool): u128 {

if (amount == 0) {

return sqrt_price // No validation before return

};

// ... rest of function

}

The function would accept and potentially return a price of 79226673515401279992447579056, which is one unit above the maximum allowed price of 79226673515401279992447579055.

Prover Output:

error: prover::ensures assertion does not hold