search

code-423n4 / 2021-07-sherlock-findings

0 stars 0 forks source link

Cannot set `watsonsSherxWeight` to the maximum #140

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

The watsonsSherxWeight cannot be set to the maximum once it is set to another value since the setWeights function only changes the watsonsSherxWeight variable when _watsons is not the maximum.

Proof of Concept

Referenced code: SherX.sol#L217-L222

Recommended Mitigation Steps

Consider removing the if condition at line 217, or add a new boolean parameter to indicate that whether the watsonsSherxWeight needs to be set or not.

Evert0x commented 3 years ago

The maximum is uint16(-1) not uint256(-1)

ghoul-sol commented 3 years ago

per sponsor comment, invalid