What does this condition check pass in cairo-lang?

27 views Asked by At

I am looking at the paradigm ctf 2022 Cairo auction problem. The vulnerability lies in the 5 quoted lines. Here it is checking whether amount is less or equal to unlocked_balance. Both variables are uint256.

let (current_balance) = _balances.read(account=caller)
let (locked_balance) = _lockedBalancesOf.read(account=caller)
let (unlocked_balance) = uint256_sub(current_balance, locked_balance)
let (enough_balance) = uint256_le(amount, unlocked_balance)

assert enough_balance = 1

The solution sends amount = { low: 2**128+1, high: 0 } and passes the check with unlocked_balance = 0.

My question is how does this work, that uint256_le({ low: 2**128+1, high: 0 }, 0) == 1 ? Is this a known vulnerability in cairo-lang?

0

There are 0 answers