Per the warden's request, I added this sentence to the mitigation steps: "Alternatively, find a threshold where it breaks and add require condition to not allow total stake per user greater than threshold."
Handle
hack3r-0m
Vulnerability details
Impact
https://github.com/code-423n4/2021-11-streaming/blob/main/Streaming/src/Locke.sol#L229
The linked arithmetic reverts due to overflow for higher values (but strictly less than type(uint112).max), and hence when a user calls exit or withdraw the function will revert and that user will not be able to withdraw funds, permanently.
Proof of Concept
Attaching diff to modify tests to reproduce behaviour:
Tools Used
Manual Review
Recommended Mitigation Steps
Consider doing the arithmetic operations in two steps, or upcasting to uint256 and then downcasting. Alternatively, find the threshold at which it breaks and add a require condition that disallows a total stake per user greater than that threshold.
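To illustrate the two mitigations above, here is an added, hypothetical Solidity example; it is not code from Locke.sol or the Streaming repository, and the stake/elapsed/duration share computation, the function names and the cap formula are assumptions chosen to show the pattern. It places the overflowing uint112 expression beside the upcast-and-checked-downcast form, and derives a per-user stake cap that makes the narrow arithmetic safe by construction.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical illustration (not Locke.sol): a per-user stake stored as uint112
/// and a time-weighted share of it, computed the way a streaming contract might.
contract Uint112ArithmeticDemo {
    uint112 public constant UINT112_MAX = type(uint112).max;

    /// Stream length in seconds; assumed fixed at deployment for this example.
    uint112 public immutable streamDuration;

    /// Per-user cap derived so that stake * elapsed can never exceed uint112.max:
    /// elapsed <= streamDuration, so stake * elapsed <= cap * streamDuration <= UINT112_MAX.
    uint112 public immutable maxStakePerUser;

    mapping(address => uint112) public staked;

    constructor(uint112 _streamDuration) {
        require(_streamDuration > 0, "duration");
        streamDuration = _streamDuration;
        maxStakePerUser = UINT112_MAX / _streamDuration;
    }

    /// Vulnerable pattern: both operands are uint112, so Solidity 0.8 evaluates
    /// `stake * elapsed` in 112-bit checked arithmetic and reverts as soon as the
    /// intermediate product exceeds 2^112 - 1, even though `stake` itself is far
    /// below type(uint112).max. Any exit/withdraw path that hits this is bricked.
    function shareUnsafe(uint112 stake, uint112 elapsed) external view returns (uint112) {
        return stake * elapsed / streamDuration;
    }

    /// Mitigation 1: upcast to uint256 for the intermediate product, then downcast
    /// through a range check so the result can never be silently truncated.
    function shareUpcast(uint112 stake, uint112 elapsed) external view returns (uint112) {
        uint256 wide = (uint256(stake) * uint256(elapsed)) / uint256(streamDuration);
        return toUint112(wide);
    }

    /// Mitigation 2: enforce a threshold at deposit time. With the cap above, the
    /// narrow expression in shareUnsafe cannot overflow for any elapsed <= streamDuration.
    function stake(uint112 amount) external {
        uint112 newTotal = staked[msg.sender] + amount; // checked add, reverts on uint112 overflow
        require(newTotal <= maxStakePerUser, "stake exceeds per-user cap");
        staked[msg.sender] = newTotal;
    }

    /// Checked downcast: reverts instead of wrapping when the value does not fit.
    function toUint112(uint256 value) internal pure returns (uint112) {
        require(value <= uint256(UINT112_MAX), "value does not fit in uint112");
        return uint112(value);
    }
}
```

With streamDuration = 1 day (86400) the cap is about 6.0e29, so a stake of 1e30 with elapsed = 86400 makes shareUnsafe revert (1e30 * 86400 is above 2^112) while shareUpcast returns 1e30 and stake(1e30) is rejected up front. The upcast form is the more general fix; the cap is useful where the contract must keep uint112 storage and wants a single, auditable invariant.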