Closed ghost closed 2 years ago
Hey @jilky, thanks for submitting this, but team has already provided feedback for this through HackerOne. Reiterating it here:
I agree that there exists some contracts on every EVM-based chain that are susceptible to {over,under}flow attacks, however this is not a security concern of the MetaMask product as we do not control those vulnerable smart contracts.
Describe the bug
Solidity Hacking: Integer Overflow
Integer overflows and wraparounds are featured on the Most Common Weakness Enumeration (CWE) list of the most common bugs, faults, or errors for hardware and software. Integer overflows occur when a value exceeds the maximum value that a variable can contain, and integer overflows happen when a value becomes too small to fit. This results in an unsigned variable that constrains the maximum value that it can hold.
Integer Overflow in Ethereum
In Solidity, you can perform many different operations with numbers. This common issue is present in multiple Ethereum, Arbitrum, BNB Smart Chain, and Polygon networks including Ethereum Test networks such as Ropsten, Kovan, Rinkeby, and Görli.
There are two types of integers in Solidity:
Steps to reproduce
batchTransfer
type-1
Attacker performs -1 request with
mint, transfer, transferFrom, batchTransfer
Error messages or log output
Version
10.14.7
Build type
No response
Browser
Firefox
Operating system
Linux
Hardware wallet
Ledger, Other (please elaborate in the "Additional Context" section)
Additional context
Using Integer Overflow to Perform an Attack on Ethereum Network (Related Issues)
_value (uint256) -1