code-423n4 / 2021-05-88mph-findings


Lack of input validation of timestamp in function _depositRecordData(), DInterest.sol #11

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

Jmukesh

Vulnerability details

Impact

Due to the lack of input validation of the timestamp in _depositRecordData(), this function may fail during execution.

Proof of Concept

In DInterest.sol

https://github.com/code-423n4/2021-05-88mph/blob/main/contracts/DInterest.sol#L796

    function _depositRecordData(
        address sender,
        uint256 depositAmount,
        uint256 maturationTimestamp
    ) internal virtual returns (uint256 depositID, uint256 interestAmount) {
        // Ensure input is valid
        require(
            depositAmount >= MinDepositAmount,
            "DInterest: Deposit amount too small"
        );
        uint256 depositPeriod = maturationTimestamp - block.timestamp;
        require(
            depositPeriod <= MaxDepositPeriod,
            "DInterest: Deposit period too long"
        );

Here depositPeriod must be >= 0; otherwise, it will give an error, due to which the function will not execute.

Tools Used

Manual review

Recommended Mitigation Steps

Add a require condition for depositPeriod --> require(depositPeriod >= 0)

ZeframLou commented 3 years ago

depositPeriod is an unsigned integer, so depositPeriod >= 0 is always true.

ghoul-sol commented 3 years ago

Closing as @ZeframLou's comment is correct.
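The point made in the thread, as an added example that is not code from DInterest.sol or from any participant: the contract below shows what `maturationTimestamp - block.timestamp` does with a past timestamp under checked and under wrapping `uint256` arithmetic, and why a `>= 0` test on the result can never fail. The contract name, function names and the `MAX_DEPOSIT_PERIOD` value are hypothetical, and the page does not state which compiler version the project uses, so both behaviours are shown.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration only. All names and limits here are hypothetical.
contract DepositPeriodDemo {
    uint256 public constant MAX_DEPOSIT_PERIOD = 365 days; // constructed value

    /// Checked arithmetic (the default from Solidity 0.8.0 on):
    /// if maturationTimestamp < block.timestamp the subtraction itself
    /// reverts with Panic(0x11), before any require is evaluated.
    function periodChecked(uint256 maturationTimestamp)
        public view returns (uint256 depositPeriod)
    {
        depositPeriod = maturationTimestamp - block.timestamp;
        require(depositPeriod <= MAX_DEPOSIT_PERIOD, "Deposit period too long");
    }

    /// Wrapping arithmetic (pre-0.8 behaviour without SafeMath, reproduced
    /// here with an unchecked block): a past timestamp wraps to a value
    /// close to 2**256, which the upper-bound check then rejects.
    function periodWrapping(uint256 maturationTimestamp)
        public view returns (uint256 depositPeriod)
    {
        unchecked {
            depositPeriod = maturationTimestamp - block.timestamp;
        }
        // A uint256 is never negative, so this condition holds for every
        // possible value and adds no validation.
        require(depositPeriod >= 0, "never reverts");
        require(depositPeriod <= MAX_DEPOSIT_PERIOD, "Deposit period too long");
    }

    /// Comparing the two timestamps before subtracting is the form of the
    /// check that can actually fail, and it yields a specific revert reason.
    function periodExplicit(uint256 maturationTimestamp)
        public view returns (uint256 depositPeriod)
    {
        require(maturationTimestamp > block.timestamp, "Maturation not in future");
        depositPeriod = maturationTimestamp - block.timestamp;
        require(depositPeriod <= MAX_DEPOSIT_PERIOD, "Deposit period too long");
    }
}
```

Calling any of the three functions with a timestamp earlier than the current block reverts; they differ only in where the revert comes from and what reason it carries.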