Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8724-5xmm-w5xq. This link is maintained to preserve external references. Original Description The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract calculations.
Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: Uint{256,512}::pow / Int{256,512}::pow Int{256,512}::neg Affected if overflow-checks = true is not set: Uint{64,128}::pow / Int{64,128}::pow Int{64,128}::neg
Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: Uint{256,512}::pow / Int{256,512}::pow Int{256,512}::neg Affected if overflow-checks = true is not set: Uint{64,128}::pow / Int{64,128}::pow Int{64,128}::neg