Low severityNVD Advisory· Published Jul 27, 2025· Updated Jul 28, 2025
CVE-2024-58263
CVE-2024-58263
Description
The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract calculations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflows in cosmwasm-std < 2.0.2 cause incorrect smart contract calculations, potentially leading to financial loss or logic errors.
CVE-2024-58263 identifies integer overflow vulnerabilities in the cosmwasm-std crate (before version 2.0.2) for Rust, which is part of the CosmWasm framework for building WebAssembly smart contracts on Cosmos SDK chains [1]. The root cause lies in the pow, abs, and negation (neg) methods for integer types such as Int128 and Int256, where they previously used direct arithmetic operations without overflow checking [2][3][4]. This oversight could lead to silent wrapping, causing incorrect contract calculations.
Exploitation requires no authentication, as these methods are callable from any smart contract that imports the vulnerable library. An attacker would craft inputs that trigger overflow in arithmetic operations; since contracts often rely on precise numeric computations for token balances, auctions, or financial logic, a single incorrect calculation could propagate errors throughout contract state [2][3]. The vulnerability is present in the core library itself, so any contract using affected methods is automatically at risk.
The impact is severe: an attacker could manipulate contract behavior by causing integer wrap-around, potentially stealing funds, minting tokens, or breaking invariant checks. While the library panics in debug builds after the fix, a correct overflow detection (panicking or saturating) is essential for security-critical contracts [4].
The fix was released in cosmwasm-std 2.0.2, which replaces unsafe direct arithmetic with checked_pow, checked_abs, and checked_neg calls [2][3][4]. Users should update their dependencies immediately and recompile contracts. No workaround exists other than upgrading, as the patched methods are the intended safe interface.
References
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cosmwasm-stdcrates.io | >= 1.3.0, < 1.4.4 | 1.4.4 |
cosmwasm-stdcrates.io | >= 1.5.0, < 1.5.4 | 1.5.4 |
cosmwasm-stdcrates.io | >= 2.0.0, < 2.0.2 | 2.0.2 |
Affected products
1- CosmWasm/cosmwasm-stdv5Range: 1.3.0
Patches
38 files changed · +84 −20
packages/std/src/math/int128.rs+16 −3 modified@@ -86,8 +86,11 @@ impl Int128 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } pub fn checked_add(self, other: Self) -> Result<Self, OverflowError> { @@ -209,6 +212,16 @@ impl Int128 { pub const fn abs_diff(self, other: Self) -> Uint128 { Uint128(self.0.abs_diff(other.0)) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int128::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl From<Uint64> for Int128 { @@ -367,7 +380,7 @@ impl Neg for Int128 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } }
packages/std/src/math/int256.rs+16 −3 modified@@ -135,8 +135,11 @@ impl Int256 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } pub fn checked_add(self, other: Self) -> Result<Self, OverflowError> { @@ -258,6 +261,16 @@ impl Int256 { pub const fn abs_diff(self, other: Self) -> Uint256 { Uint256(self.0.abs_diff(other.0)) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int256::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl From<Uint128> for Int256 { @@ -434,7 +447,7 @@ impl Neg for Int256 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } }
packages/std/src/math/int512.rs+16 −3 modified@@ -171,8 +171,11 @@ impl Int512 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } pub fn checked_add(self, other: Self) -> Result<Self, OverflowError> { @@ -294,6 +297,16 @@ impl Int512 { pub const fn abs_diff(self, other: Self) -> Uint512 { Uint512(self.0.abs_diff(other.0)) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int512::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl From<Uint256> for Int512 { @@ -467,7 +480,7 @@ impl Neg for Int512 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } }
packages/std/src/math/int64.rs+16 −3 modified@@ -86,8 +86,11 @@ impl Int64 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } pub fn checked_add(self, other: Self) -> Result<Self, OverflowError> { @@ -209,6 +212,16 @@ impl Int64 { pub const fn abs_diff(self, other: Self) -> Uint64 { Uint64(self.0.abs_diff(other.0)) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int64::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl From<u32> for Int64 { @@ -343,7 +356,7 @@ impl Neg for Int64 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } }
packages/std/src/math/uint128.rs+5 −2 modified@@ -88,8 +88,11 @@ impl Uint128 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - self.0.pow(exp).into() + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`.
packages/std/src/math/uint256.rs+5 −2 modified@@ -158,8 +158,11 @@ impl Uint256 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`.
packages/std/src/math/uint512.rs+5 −2 modified@@ -185,8 +185,11 @@ impl Uint512 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } pub fn checked_add(self, other: Self) -> Result<Self, OverflowError> {
packages/std/src/math/uint64.rs+5 −2 modified@@ -81,8 +81,11 @@ impl Uint64 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - self.0.pow(exp).into() + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`.
8 files changed · +104 −28
packages/std/src/math/int128.rs+21 −5 modified@@ -98,8 +98,11 @@ impl Int128 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`. @@ -263,13 +266,26 @@ impl Int128 { #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn abs(self) -> Self { - Self(self.0.abs()) + match self.0.checked_abs() { + Some(val) => Self(val), + None => panic!("attempt to calculate absolute value with overflow"), + } } #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn unsigned_abs(self) -> Uint128 { Uint128(self.0.unsigned_abs()) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int128::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl NumConsts for Int128 { @@ -445,7 +461,7 @@ impl Neg for Int128 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } } @@ -1268,7 +1284,7 @@ mod tests { } #[test] - #[should_panic = "attempt to negate with overflow"] + #[should_panic = "attempt to calculate absolute value with overflow"] fn int128_abs_min_panics() { _ = Int128::MIN.abs(); }
packages/std/src/math/int256.rs+21 −5 modified@@ -153,8 +153,11 @@ impl Int256 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`. @@ -321,13 +324,26 @@ impl Int256 { #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn abs(self) -> Self { - Self(self.0.abs()) + match self.0.checked_abs() { + Some(val) => Self(val), + None => panic!("attempt to calculate absolute value with overflow"), + } } #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn unsigned_abs(self) -> Uint256 { Uint256(self.0.unsigned_abs()) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int256::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl NumConsts for Int256 { @@ -520,7 +536,7 @@ impl Neg for Int256 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } } @@ -1377,7 +1393,7 @@ mod tests { } #[test] - #[should_panic = "attempt to negate with overflow"] + #[should_panic = "attempt to calculate absolute value with overflow"] fn int256_abs_min_panics() { _ = Int256::MIN.abs(); }
packages/std/src/math/int512.rs+21 −5 modified@@ -180,8 +180,11 @@ impl Int512 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } pub fn checked_add(self, other: Self) -> Result<Self, OverflowError> { @@ -306,13 +309,26 @@ impl Int512 { #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn abs(self) -> Self { - Self(self.0.abs()) + match self.0.checked_abs() { + Some(val) => Self(val), + None => panic!("attempt to calculate absolute value with overflow"), + } } #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn unsigned_abs(self) -> Uint512 { Uint512(self.0.unsigned_abs()) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int512::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl NumConsts for Int512 { @@ -517,7 +533,7 @@ impl Neg for Int512 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } } @@ -1350,7 +1366,7 @@ mod tests { } #[test] - #[should_panic = "attempt to negate with overflow"] + #[should_panic = "attempt to calculate absolute value with overflow"] fn int512_abs_min_panics() { _ = Int512::MIN.abs(); }
packages/std/src/math/int64.rs+21 −5 modified@@ -98,8 +98,11 @@ impl Int64 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`. @@ -263,13 +266,26 @@ impl Int64 { #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn abs(self) -> Self { - Self(self.0.abs()) + match self.0.checked_abs() { + Some(val) => Self(val), + None => panic!("attempt to calculate absolute value with overflow"), + } } #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn unsigned_abs(self) -> Uint64 { Uint64(self.0.unsigned_abs()) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int64::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl NumConsts for Int64 { @@ -424,7 +440,7 @@ impl Neg for Int64 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } } @@ -1206,7 +1222,7 @@ mod tests { } #[test] - #[should_panic = "attempt to negate with overflow"] + #[should_panic = "attempt to calculate absolute value with overflow"] fn int64_abs_min_panics() { _ = Int64::MIN.abs(); }
packages/std/src/math/uint128.rs+5 −2 modified@@ -92,8 +92,11 @@ impl Uint128 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - self.0.pow(exp).into() + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`.
packages/std/src/math/uint256.rs+5 −2 modified@@ -164,8 +164,11 @@ impl Uint256 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`.
packages/std/src/math/uint512.rs+5 −2 modified@@ -189,8 +189,11 @@ impl Uint512 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } pub fn checked_add(self, other: Self) -> Result<Self, OverflowError> {
packages/std/src/math/uint64.rs+5 −2 modified@@ -86,8 +86,11 @@ impl Uint64 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - self.0.pow(exp).into() + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`.
8 files changed · +104 −28
packages/std/src/math/int128.rs+21 −5 modified@@ -97,8 +97,11 @@ impl Int128 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`. @@ -262,13 +265,26 @@ impl Int128 { #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn abs(self) -> Self { - Self(self.0.abs()) + match self.0.checked_abs() { + Some(val) => Self(val), + None => panic!("attempt to calculate absolute value with overflow"), + } } #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn unsigned_abs(self) -> Uint128 { Uint128(self.0.unsigned_abs()) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int128::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl NumConsts for Int128 { @@ -444,7 +460,7 @@ impl Neg for Int128 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } } @@ -1267,7 +1283,7 @@ mod tests { } #[test] - #[should_panic = "attempt to negate with overflow"] + #[should_panic = "attempt to calculate absolute value with overflow"] fn int128_abs_min_panics() { _ = Int128::MIN.abs(); }
packages/std/src/math/int256.rs+21 −5 modified@@ -152,8 +152,11 @@ impl Int256 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`. @@ -320,13 +323,26 @@ impl Int256 { #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn abs(self) -> Self { - Self(self.0.abs()) + match self.0.checked_abs() { + Some(val) => Self(val), + None => panic!("attempt to calculate absolute value with overflow"), + } } #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn unsigned_abs(self) -> Uint256 { Uint256(self.0.unsigned_abs()) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int256::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl NumConsts for Int256 { @@ -519,7 +535,7 @@ impl Neg for Int256 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } } @@ -1376,7 +1392,7 @@ mod tests { } #[test] - #[should_panic = "attempt to negate with overflow"] + #[should_panic = "attempt to calculate absolute value with overflow"] fn int256_abs_min_panics() { _ = Int256::MIN.abs(); }
packages/std/src/math/int512.rs+21 −5 modified@@ -179,8 +179,11 @@ impl Int512 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } pub fn checked_add(self, other: Self) -> Result<Self, OverflowError> { @@ -305,13 +308,26 @@ impl Int512 { #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn abs(self) -> Self { - Self(self.0.abs()) + match self.0.checked_abs() { + Some(val) => Self(val), + None => panic!("attempt to calculate absolute value with overflow"), + } } #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn unsigned_abs(self) -> Uint512 { Uint512(self.0.unsigned_abs()) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int512::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl NumConsts for Int512 { @@ -516,7 +532,7 @@ impl Neg for Int512 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } } @@ -1349,7 +1365,7 @@ mod tests { } #[test] - #[should_panic = "attempt to negate with overflow"] + #[should_panic = "attempt to calculate absolute value with overflow"] fn int512_abs_min_panics() { _ = Int512::MIN.abs(); }
packages/std/src/math/int64.rs+21 −5 modified@@ -97,8 +97,11 @@ impl Int64 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`. @@ -262,13 +265,26 @@ impl Int64 { #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn abs(self) -> Self { - Self(self.0.abs()) + match self.0.checked_abs() { + Some(val) => Self(val), + None => panic!("attempt to calculate absolute value with overflow"), + } } #[must_use = "this returns the result of the operation, without modifying the original"] pub const fn unsigned_abs(self) -> Uint64 { Uint64(self.0.unsigned_abs()) } + + /// Strict negation. Computes -self, panicking if self == MIN. + /// + /// This is the same as [`Int64::neg`] but const. + pub const fn strict_neg(self) -> Self { + match self.0.checked_neg() { + Some(val) => Self(val), + None => panic!("attempt to negate with overflow"), + } + } } impl NumConsts for Int64 { @@ -423,7 +439,7 @@ impl Neg for Int64 { type Output = Self; fn neg(self) -> Self::Output { - Self(-self.0) + self.strict_neg() } } @@ -1205,7 +1221,7 @@ mod tests { } #[test] - #[should_panic = "attempt to negate with overflow"] + #[should_panic = "attempt to calculate absolute value with overflow"] fn int64_abs_min_panics() { _ = Int64::MIN.abs(); }
packages/std/src/math/uint128.rs+5 −2 modified@@ -92,8 +92,11 @@ impl Uint128 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - self.0.pow(exp).into() + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`.
packages/std/src/math/uint256.rs+5 −2 modified@@ -164,8 +164,11 @@ impl Uint256 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`.
packages/std/src/math/uint512.rs+5 −2 modified@@ -188,8 +188,11 @@ impl Uint512 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - Self(self.0.pow(exp)) + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } pub fn checked_add(self, other: Self) -> Result<Self, OverflowError> {
packages/std/src/math/uint64.rs+5 −2 modified@@ -86,8 +86,11 @@ impl Uint64 { } #[must_use = "this returns the result of the operation, without modifying the original"] - pub fn pow(self, exp: u32) -> Self { - self.0.pow(exp).into() + pub const fn pow(self, exp: u32) -> Self { + match self.0.checked_pow(exp) { + Some(val) => Self(val), + None => panic!("attempt to exponentiate with overflow"), + } } /// Returns `self * numerator / denominator`.
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/advisories/GHSA-8724-5xmm-w5xqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-58263ghsaADVISORY
- github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-002.mdghsaWEB
- github.com/CosmWasm/cosmwasm/commit/607e7fc710fb9441096e8edbaa12879b552c8f65ghsaWEB
- github.com/CosmWasm/cosmwasm/commit/a6a639e09adc355b5f889a09141649005cb08a46ghsaWEB
- github.com/CosmWasm/cosmwasm/commit/eff79bcbe73b61178817aacf0a6449437adad6a9ghsaWEB
- rustsec.org/advisories/RUSTSEC-2024-0338.htmlghsaWEB
- crates.io/crates/cosmwasm-stdmitre
News mentions
0No linked articles in our index yet.