Closed code423n4 closed 2 years ago
gzeon
If block.number > 32-bit, _updateTotalSupplyCheckPoints would revert. _updateTotalSupplyCheckPoints is called from _mint and _burn, which mean withdraw would also revert.
_updateTotalSupplyCheckPoints
_mint
_burn
withdraw
https://github.com/code-423n4/2022-01-openleverage/blob/501e8f5c7ebaf1242572712626a77a3d65bdd3ad/openleverage-contracts/contracts/XOLE.sol#L198
uint32 blockNumber = safe32(block.number, "block number exceeds 32 bits");
Consider to add an emergency withdrawal function
2**32 = 4,294,967,296 which is hundreds of years and way beyond consideration.
Agree with sponsor, this seems unnecessary. Marking as invalid.
invalid
Handle
gzeon
Vulnerability details
Impact
If block.number > 32-bit,
_updateTotalSupplyCheckPoints
would revert._updateTotalSupplyCheckPoints
is called from_mint
and_burn
, which meanwithdraw
would also revert.Proof of Concept
https://github.com/code-423n4/2022-01-openleverage/blob/501e8f5c7ebaf1242572712626a77a3d65bdd3ad/openleverage-contracts/contracts/XOLE.sol#L198
Recommended Mitigation Steps
Consider to add an emergency withdrawal function