code-423n4 / 2021-06-pooltogether-findings


`BadgerYieldSource` SafeMath not used #89

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

`BadgerYieldSource.redeemToken`: no usage of SafeMath can lead to overflows here as the `amount` parameter is chosen by the attacker.

```solidity
amount.mul(totalShares) + totalShares
```

Impact

It most likely does not have an impact, but we still recommend using SafeMath.

Recommended Mitigation Steps

Use SafeMath.
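
An added example, not code from the finding or from the PoolTogether contracts: a Python model of Solidity `uint256` arithmetic that compares the reported `amount.mul(totalShares) + totalShares` with a fully SafeMath form. It assumes `.mul` is SafeMath's checked multiply and `+` is the silently wrapping operator of Solidity before 0.8; the function names, the `Revert` class and the sample `totalShares` value are constructed for illustration.

```python
UINT256_MAX = 2**256 - 1

class Revert(Exception):
    """Models a failed SafeMath require()."""

def safe_mul(a, b):
    c = a * b
    if c > UINT256_MAX:
        raise Revert("SafeMath: multiplication overflow")
    return c

def safe_add(a, b):
    c = a + b
    if c > UINT256_MAX:
        raise Revert("SafeMath: addition overflow")
    return c

def unchecked_add(a, b):
    # Native `+` on uint256 before Solidity 0.8: wraps modulo 2**256.
    return (a + b) & UINT256_MAX

def numerator_as_reported(amount, total_shares):
    # amount.mul(totalShares) + totalShares
    return unchecked_add(safe_mul(amount, total_shares), total_shares)

def numerator_with_safemath(amount, total_shares):
    # amount.mul(totalShares).add(totalShares)
    return safe_add(safe_mul(amount, total_shares), total_shares)

def classify(amount, total_shares):
    """'reverts' if mul stops the call, 'wraps' if only the unchecked
    addition overflows, 'ok' if both forms give the same result."""
    try:
        product = safe_mul(amount, total_shares)
    except Revert:
        return "reverts"
    try:
        safe_add(product, total_shares)
    except Revert:
        return "wraps"
    return "ok"

if __name__ == "__main__":
    total_shares = 10**24                      # constructed sample value
    edge = UINT256_MAX // total_shares         # last amount that mul accepts
    for amount in (10**18, edge - 1, edge, edge + 1):
        print(amount.bit_length(), "bits ->", classify(amount, total_shares))
```

In this model the silent wrap is confined to `amount == UINT256_MAX // totalShares`: smaller values compute correctly and larger ones already revert in `mul`. Replacing `+` with `.add` turns that remaining case into a revert as well.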

asselstine commented 3 years ago

Duplicate of https://github.com/code-423n4/2021-06-pooltogether-findings/issues/114

dmvt commented 3 years ago

duplicate of #114