code-423n4 / 2021-08-gravitybridge-findings


Regular arithmetic operations when calculating cumulativePower #38

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

When calculating cumulativePower, regular arithmetic operations (not SafeMath) are used. In theory, this can result in value overflows; however, in practice, this depends on the honesty of those that can assign powers (e.g. when deploying or updating valset).

Recommended Mitigation Steps

Make sure that you understand this risk and consider using SafeMath operations there.
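A model of the overflow described in this finding, added here as an illustration and not taken from the Gravity Bridge contracts or the original report. It assumes powers are uint256 values and that unchecked `+` wraps modulo 2^256 (as in Solidity before 0.8); the powers, the threshold and all function names are constructed for the example.

```python
# Added illustration: models uint256 arithmetic; all names and values are constructed.
UINT256_MAX = 2**256 - 1


def add_wrapping(a: int, b: int) -> int:
    """Plain uint256 `a + b` with no overflow check: wraps modulo 2**256."""
    return (a + b) & UINT256_MAX


def add_checked(a: int, b: int) -> int:
    """SafeMath-style add: fail loudly instead of wrapping."""
    c = a + b
    if c > UINT256_MAX:
        raise OverflowError("addition overflow")
    return c


def cumulative_power(powers, add):
    """Sum validator powers using the supplied addition routine."""
    total = 0
    for p in powers:
        if not 0 <= p <= UINT256_MAX:
            raise ValueError("power does not fit in uint256")
        total = add(total, p)
    return total


def passes_threshold(powers, threshold, add):
    """True if the cumulative power strictly exceeds the threshold."""
    return cumulative_power(powers, add) > threshold


# Constructed valsets: an ordinary one, and one whose powers sum past 2**256.
NORMAL_POWERS = [1000, 1500, 2000]
OVERSIZED_POWERS = [2**255, 2**255, 10]
THRESHOLD = 3000  # hypothetical threshold, not the project's value

if __name__ == "__main__":
    for name, powers in (("normal", NORMAL_POWERS), ("oversized", OVERSIZED_POWERS)):
        print(name, "unchecked total:", cumulative_power(powers, add_wrapping))
        try:
            print(name, "checked total:", cumulative_power(powers, add_checked))
        except OverflowError as exc:
            print(name, "checked sum rejected:", exc)
```

With the oversized set, the unchecked total wraps to a small number and the threshold comparison is made against the wrong value, while the checked sum rejects the input outright.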

jkilpatr commented 2 years ago

duplicate of #60