code-423n4 / 2022-01-sherlock-findings


Same check is made twice #279

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

pedroais

Vulnerability details

Proof of Concept

https://github.com/code-423n4/2022-01-sherlock/blob/c763f10c4b5fe2127677d6c25b83adcf3bcec212/contracts/managers/SherlockProtocolManager.sol#L796

The contract checks _amount > currentBalance and then computes currentBalance - _amount.

If _amount > currentBalance, the subtraction will overflow and revert by itself thanks to Solidity 0.8's built-in overflow check, so checking it before is pointless.

Recommended Mitigation Steps

The check could be removed or the math could be made unchecked.

jack-the-pug commented 2 years ago

It's for the friendly error message
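
The trade-off discussed in this thread, as an added example that is not part of the original issue or of the Sherlock code base. The contract, function and error names are hypothetical; only the `_amount > currentBalance` guard and the `currentBalance - _amount` subtraction come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added illustration. Names are hypothetical and not taken from
// SherlockProtocolManager.sol.
contract BalanceCheckVariants {
    // Custom error carrying context for the caller (the "friendly" message).
    error InsufficientBalance(uint256 requested, uint256 available);

    uint256 public currentBalance = 100; // constructed sample value

    // Variant A: explicit guard, then checked subtraction.
    // Reverts with InsufficientBalance(requested, available).
    // The compiler still emits its own underflow check on the subtraction,
    // which can never fire here; that is the duplicate check the report means.
    function withdrawGuarded(uint256 _amount) external {
        if (_amount > currentBalance) {
            revert InsufficientBalance(_amount, currentBalance);
        }
        currentBalance = currentBalance - _amount;
    }

    // Variant B: guard removed, checked arithmetic only.
    // Still reverts when _amount > currentBalance, but with the generic
    // Panic(0x11) arithmetic error, which carries no application context.
    function withdrawImplicit(uint256 _amount) external {
        currentBalance = currentBalance - _amount;
    }

    // Variant C: guard kept, subtraction marked unchecked.
    // Keeps the descriptive error and drops the compiler's redundant check.
    // The guard is now the only thing preventing wrap-around, so it must
    // stay directly tied to the unchecked block.
    function withdrawGuardedUnchecked(uint256 _amount) external {
        uint256 balance = currentBalance; // read storage once
        if (_amount > balance) {
            revert InsufficientBalance(_amount, balance);
        }
        unchecked {
            currentBalance = balance - _amount;
        }
    }
}
```

Variants A and C surface the same custom error to callers and monitoring; variant B is the one a reviewer should flag if off-chain tooling relies on decoding the revert reason.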