cairo-contracts icon indicating copy to clipboard operation
cairo-contracts copied to clipboard

Published 20 hours ago verified publisher icon OpenZeppelin

Add le() and lt() functions to SafeUint256 library

Open kaliberpoziomka opened this issue 3 years ago • 1 comments

🧐 Motivation Currently functions uint256_le() and uint256_lt() from standard uint256.cario library are insecure. There are no checks if provided arguments are valid Uint256 type numbers. This may allow passing Uint256 objects with low and high member fields greater than 2**128 and in consequence return a false result.

📝 Details Functions SafeUint256.le() and SafeUint256.lt() would check if comparing numbers are valid Uint256 type numbers with uint256_check() function. After these checks valid arguments would be passed to uint256_le() / uint256_lt() functions and result from comparison would be returned.

kaliberpoziomka avatar Aug 19 '22 05:08 kaliberpoziomka

For reference: https://github.com/starkware-libs/cairo-lang/blob/master/src/starkware/cairo/common/uint256.cairo#L132-L137

func uint256_lt{range_check_ptr}(a : Uint256, b : Uint256) -> (res : felt):
    if a.high == b.high:
        return is_le(a.low + 1, b.low)
    end
    return is_le(a.high + 1, b.high)
end

martriay avatar Aug 19 '22 06:08 martriay