Open code423n4 opened 2 years ago
Highly unlikely to overflow on uint256 amounts but will keep as low risk to ensure it is properly fixed. Would require an incredibly large amount of assets as safeTransferFrom transfers these assets from msg.sender to the contract.
Handle
pmerkleplant
Vulnerability details
Impact
Function deposit in IbbtcVaultZap.sol computes two additions without overflow protection, see lines 158 and 166.

In the first case, i.e. line 158, the addition can be changed to an assignment, as depositAmount[i] is always 0.

In the second case, i.e. line 166, an overflow would lead to a wrong amount of funds deposited into Curve and from there to a wrong amount of LP tokens sent to the msg.sender.

Recommended Steps of Mitigation
As OpenZeppelin's SafeMathUpgradeable library is already imported, use their add function instead of the native + operator.