search

code-423n4 / 2021-07-spartan-findings

0 stars 0 forks source link

Router.addDividend(address,uint256) has potentially unsafe arithmetic #193

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

heiho1

Vulnerability details

Impact

Router.addDividend(address,uint256) has potentially unsafe division before multiplication. This could lead to truncation.

Proof of Concept

https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Router.sol#L274

Tools Used

Slither

Recommended Mitigation Steps

Potentially this issue is mitigated by recent Solidity changes to overflow/underflow arithmetic. Alternatively OpenZeppelin SafeMath should be used for all arithmetic:

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/math/SafeMath.sol

verifyfirst commented 3 years ago

0.8.0 Solidity no longer needs safeMath

ghoul-sol commented 3 years ago

Per sponsor comment, invalid