search

code-423n4 / 2022-01-openleverage-findings

0 stars 0 forks source link

Unable to withdraw if block.number > 32-bit #252

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

gzeon

Vulnerability details

Impact

If block.number > 32-bit, _updateTotalSupplyCheckPoints would revert. _updateTotalSupplyCheckPoints is called from _mint and _burn, which mean withdraw would also revert.

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/501e8f5c7ebaf1242572712626a77a3d65bdd3ad/openleverage-contracts/contracts/XOLE.sol#L198

        uint32 blockNumber = safe32(block.number, "block number exceeds 32 bits");

Recommended Mitigation Steps

Consider to add an emergency withdrawal function

ColaM12 commented 2 years ago

2**32 = 4,294,967,296 which is hundreds of years and way beyond consideration.

0xleastwood commented 2 years ago

Agree with sponsor, this seems unnecessary. Marking as invalid.