Closed code423n4 closed 2 years ago
In Solidity 0.8.0, arithmetic operators are automatically checked for overflow (see https://docs.soliditylang.org/en/v0.8.3/080-breaking-changes.html), including for uint8. Exceeding uint8 capacity should therefore revert.
Closing as invalid based on Solidity version used.
Handle
leastwood
Vulnerability details
Impact
If the list of tokens provided to the sweepFees() function exceeds the maximum uint8 size, the function will revert due to an out of bounds error as the i variable overflows. There is no revert message that indicates to the user what may have caused the transaction to fail.
Proof of Concept
https://github.com/code-423n4/2021-10-tally/blob/main/contracts/swap/Swap.sol#L243-L259
Tools Used
Manual code review
Recommended Mitigation Steps
Consider checking the length of tokens fits within the maximum size for a uint8 or updating the uint8 in sweepFees() to type uint256.
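The failure mode and both recommended mitigations from the report above, as an added Solidity example that is not part of the original issue and is not the code from Swap.sol. The contract, function and event names are hypothetical, and the loop body is a stand-in for the real per-token work.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only; NOT the code from Swap.sol.
// SweepLoopDemo, sweepUint8, sweepChecked, sweepUint256 and Swept are
// hypothetical names chosen for this example.
contract SweepLoopDemo {
    event Swept(address token);

    // Pattern described in the report: a uint8 loop counter.
    // With tokens.length >= 256, `i++` at i == 255 fails the checked
    // arithmetic introduced in 0.8 and the whole call reverts with
    // Panic(0x11) and no reason string. Before 0.8 the counter would
    // wrap to 0 instead and the loop would run until gas is exhausted.
    function sweepUint8(address[] calldata tokens) external {
        for (uint8 i = 0; i < tokens.length; i++) {
            emit Swept(tokens[i]);
        }
    }

    // Mitigation 1: keep the uint8 counter but reject oversized lists
    // up front, so the caller gets an explicit reason for the revert.
    function sweepChecked(address[] calldata tokens) external {
        require(tokens.length <= type(uint8).max, "too many tokens");
        for (uint8 i = 0; i < tokens.length; i++) {
            emit Swept(tokens[i]);
        }
    }

    // Mitigation 2: widen the counter to uint256, the same type as
    // tokens.length, so the increment can never overflow in practice
    // and the list size is bounded only by gas.
    function sweepUint256(address[] calldata tokens) external {
        for (uint256 i = 0; i < tokens.length; i++) {
            emit Swept(tokens[i]);
        }
    }
}
```

Calling sweepUint8 with a 256-element array reverts after the last element has been processed, so none of the emitted events persist; the other two functions either reject the call with a readable message or complete it.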