Closed code423n4 closed 2 years ago
The check for safe32 is made in the function: uint32 blockNumber = safe32(block.number);
(as shown in the Issue PoC), that will use the contract safe32()
method do perform the correct checks, and revert if the block number exceeds uint32 (in something like 1700 years ?)
safe32()
method: https://github.com/code-423n4/2022-03-paladin/blob/9c26ec8556298fb1dc3cf71f471aadad3a5c74a0/contracts/HolyPaladinToken.sol#L1387
closing as invalid. Worth noting that if the system is deployed to an EVM with much more frequent blocks this could become problematic sooner than 1700 years....
Lines of code
https://github.com/code-423n4/2022-03-paladin/blob/main/contracts/HolyPaladinToken.sol#L1054
Vulnerability details
Impact
During the code review, It has been observed that _writeCheckPoint function is missing check when the block.number exceeds to 32 bits. The necessary checks are not implemented on the function.
Proof of Concept
Tools Used
Code Review
Recommended Mitigation Steps
It is recommended to add the following check at the beginning of the function..