code-423n4 / 2023-01-drips-findings

Possible Overflow & No Error Mitigation #120

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/Splits.sol#L25

Vulnerability details

Impact

Detailed description of the impact of this finding.

The contract has no mechanism to prevent a malicious user from exceeding the _MAX_TOTAL_SPLITS_BALANCE limit, which could result in an overflow and a total protocol collapse.

There is no check to prevent a malicious user from setting a zero weight for a receiver, which could result in an error in the calculation of the receiver's share of the funds.

There is no check to prevent a malicious user from exceeding the _MAX_SPLITS_RECEIVERS limit, which could result in increased gas costs and impact the performance of the contract.

There is no mechanism in place to handle errors and exceptions that may occur during the splitting process.

Proof of Concept

A proof-of-concept (PoC) for one of the vulnerabilities mentioned above could be to call the _addSplittable function with an asset ID that exceeds the _MAX_TOTAL_SPLITS_BALANCE limit and observe the result.

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid

GalloDaSballo commented 1 year ago

GPT Enjoyer, enjoy your ban