Contract Vether4 uses pragma solidity 0.6.4, so SafeMath is not enabled by default, which makes the following check inside function distribute avoidable through an overflow:
upgradedAmount += ownership[i];
require(upgradedAmount <= maxEmissions, "Must not send more than possible");
Of course, this function can only be called by the deployer (who is later expected to call purgeDeployer) so the issue is only theoretical.
Recommended Mitigation Steps
Use SafeMath here or just be informed about this theoretical issue.
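The pattern from the finding next to a SafeMath-style checked version, as an added example that is not Vether4's code. Only upgradedAmount, ownership and maxEmissions come from the finding; the contract name, constructor and function signatures are assumptions.

```solidity
pragma solidity 0.6.4;

// Added illustration, not the Vether4 source. DistributeSketch, the
// constructor and both function signatures are hypothetical.
contract DistributeSketch {
    uint256 public upgradedAmount;
    uint256 public maxEmissions;

    constructor(uint256 _maxEmissions) public {
        maxEmissions = _maxEmissions;
    }

    // Pattern quoted in the finding. On 0.6.x the += wraps modulo 2**256
    // without reverting, so a wrapped (small) total still satisfies the cap.
    // Example: upgradedAmount = 10 and ownership[i] = 2**256 - 5 gives 5.
    function distributeUnchecked(uint256[] memory ownership) public {
        for (uint256 i = 0; i < ownership.length; i++) {
            upgradedAmount += ownership[i];
            require(upgradedAmount <= maxEmissions, "Must not send more than possible");
        }
    }

    // Same loop with the addition checked the way SafeMath.add does:
    // a wrapped sum is always smaller than the left operand, so it reverts
    // before the cap comparison can be satisfied by a wrapped value.
    function distributeChecked(uint256[] memory ownership) public {
        for (uint256 i = 0; i < ownership.length; i++) {
            uint256 sum = upgradedAmount + ownership[i];
            require(sum >= upgradedAmount, "SafeMath: addition overflow");
            require(sum <= maxEmissions, "Must not send more than possible");
            upgradedAmount = sum;
        }
    }
}
```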
Handle
paulius.eth