Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Lock.sol#L18
Vulnerability details
Impact
If an integer overflow or underflow occurs in the contract, it could lead to incorrect calculations and potentially unintended consequences, such as the transfer of incorrect amounts of tokens or the allocation of incorrect amounts of rewards. This could have financial impacts for users of the contract and could potentially undermine the integrity of the platform.
Proof of Concept
Suppose the contract has a mapping called totalLocked, which tracks the total amount of a specific token that has been locked up by users. An attacker creates a bond with a lock period of 365 days and locks up 1,000,000 of a specific token. The attacker then extends the lock period by an additional 365 days, but this time they lock up 2,000,000 of the same token. The contract updates the totalLocked mapping to reflect the additional locked amount. However, because the contract is using a uint type to store the totalLocked value, if the value exceeds the maximum uint value (2^256 - 1), it will wrap around to the minimum uint value (0). As a result, the totalLocked value will be set to 0, even though the attacker has locked up a total of 3,000,000 of the token.
Tools Used
Mythril
Recommended Mitigation Steps
To mitigate the risks of integer overflow and underflow in the contract, we recommend implementing the following measures:
Use the SafeMath library, which provides functions for performing arithmetic operations that automatically check for overflow and underflow conditions.
Use the uint256 type (available in Solidity 0.9.0 and higher) to store and manipulate values that may exceed the maximum uint value.
Carefully review and test your code to ensure that arithmetic operations are performed correctly and that the contract handles overflow and underflow conditions appropriately.
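
The wrap-around from the proof of concept and the SafeMath-style check from the mitigation steps, side by side, as an added example that is not code from Lock.sol or from the report's author. The contract and function names are hypothetical (only the totalLocked mapping name follows the write-up), and it assumes a Solidity 0.8.x compiler, where an `unchecked` block reproduces wrapping arithmetic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. Contract and function names are hypothetical and are
// not taken from Lock.sol; only the totalLocked mapping name follows the
// write-up above.
contract TotalLockedDemo {
    mapping(address => uint256) public totalLocked;

    // Wrapping add: the stored result is (old + amount) mod 2^256. This is
    // how `+` behaved before Solidity 0.8.0 and how it behaves inside
    // `unchecked` today.
    function lockWrapping(address token, uint256 amount) external {
        unchecked {
            totalLocked[token] += amount;
        }
    }

    // Default since Solidity 0.8.0: the compiler inserts the overflow check
    // and the call reverts with Panic(0x11) instead of wrapping.
    function lockChecked(address token, uint256 amount) external {
        totalLocked[token] += amount;
    }

    // The explicit check that SafeMath's add performs, written out by hand.
    function lockSafeMathStyle(address token, uint256 amount) external {
        uint256 current = totalLocked[token];
        uint256 sum;
        unchecked {
            sum = current + amount;
        }
        // A wrapped sum is always smaller than the value it started from.
        require(sum >= current, "addition overflow");
        totalLocked[token] = sum;
    }

    // Pure helper for experimenting with operands in a test or console:
    // returns the wrapped sum and whether the addition overflowed.
    function wrappedAdd(uint256 a, uint256 b)
        external
        pure
        returns (uint256 sum, bool overflowed)
    {
        unchecked {
            sum = a + b;
        }
        overflowed = sum < a;
    }
}
```

Calling `wrappedAdd(type(uint256).max, 1)` shows the wrap to 0, while `wrappedAdd(1000000, 2000000)` returns 3,000,000 with no overflow flag.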