I am looking at the Paradigm CTF 2022 Cairo auction problem. The vulnerability lies in the 5 quoted lines. Here it is checking whether `amount` is less than or equal to `unlocked_balance`. Both variables are `uint256`.
```cairo
let (current_balance) = _balances.read(account=caller)
let (locked_balance) = _lockedBalancesOf.read(account=caller)
let (unlocked_balance) = uint256_sub(current_balance, locked_balance)
let (enough_balance) = uint256_le(amount, unlocked_balance)
assert enough_balance = 1
```
The solution sends `amount = { low: 2**128+1, high: 0 }` and passes the check with `unlocked_balance = 0`.
My question is how does this work, that `uint256_le({ low: 2**128+1, high: 0 }, 0) == 1`? Is this a known vulnerability in cairo-lang?
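
Added example (not part of the original post and not cairo-lang's own code): a Python model of the comparison, assuming the Cairo 0 common library builds `uint256_le` from `uint256_lt`, `is_le` and `is_nn` as sketched here. It shows why a `low` limb of `2**128+1` passes against a zero balance and how validating the limbs first, in the style of `uint256_check`, rejects it; `checked_le` is a hypothetical helper name.

```python
# Model of Cairo 0 felt comparisons (assumed structure, not cairo-lang source).
PRIME = 2**251 + 17 * 2**192 + 1   # StarkNet field prime
BOUND = 2**128                     # range-check builtin bound

def is_nn(a):
    """1 if the felt a lies in [0, 2**128), else 0."""
    return 1 if 0 <= a % PRIME < BOUND else 0

def is_le(a, b):
    """Only meaningful when b - a fits below the range-check bound."""
    return is_nn((b - a) % PRIME)

def uint256_lt(a, b):
    # a and b are (low, high) pairs; limbs are assumed, not verified, < 2**128
    if a[1] == b[1]:
        return is_le(a[0] + 1, b[0])
    return is_le(a[1] + 1, b[1])

def uint256_le(a, b):
    # "a <= b" is computed as "not (b < a)"
    return 1 - uint256_lt(b, a)

def uint256_check(a):
    """Limb validation that the quoted lines never apply to `amount`."""
    return all(0 <= limb < BOUND for limb in a)

def checked_le(a, b):
    """Hypothetical hardened comparison: validate limbs, then compare."""
    if not (uint256_check(a) and uint256_check(b)):
        raise ValueError("malformed Uint256 limb")
    return uint256_le(a, b)

if __name__ == "__main__":
    zero = (0, 0)                   # unlocked_balance from the post
    malformed = (2**128 + 1, 0)     # amount from the post
    # uint256_lt(zero, malformed) -> is_le(1, 2**128 + 1) -> is_nn(2**128) = 0,
    # so "balance < amount" is reported false and uint256_le returns 1.
    print("unchecked:", uint256_le(malformed, zero))
    print("well-formed 5 <= 0:", uint256_le((5, 0), zero))
    try:
        checked_le(malformed, zero)
    except ValueError as err:
        print("checked:", err)
```

In this model a `low` limb of exactly `2**128` does not pass, because the difference `2**128 - 1` still fits below the range-check bound; the value from the post is the smallest one that pushes the difference out of range.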