

SWC-101 The arithmetic operation can overflow.ActivePool.setYieldDistributionParams() #542

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Core/contracts/ActivePool.sol#L144-L150

Vulnerability details

Impact

The arithmetic operation can overflow.
It is possible to cause an arithmetic overflow. Prevent the overflow by constraining the inputs with a require() statement, or use the OpenZeppelin SafeMath library for integer arithmetic. Refer to the transaction trace generated for this issue to reproduce the overflow.

Proof of Concept

# Vulnerable Lines
    /// @notice Sets the three-way split of yield between the treasury, the SP and staking.
    /// @dev Owner-only (`onlyOwner`). The splits are basis points and must sum to exactly
    ///      10_000, otherwise the call reverts with "Splits must add up to 10000 BPS".
    ///      Whether the addition itself is overflow-checked depends on the compiler version
    ///      (checked arithmetic is built into Solidity 0.8+); the pragma is not visible here.
    ///      Emits YieldDistributionParamsUpdated with the new values.
    /// @param _treasurySplit Share in BPS stored as yieldSplitTreasury.
    /// @param _SPSplit Share in BPS stored as yieldSplitSP (presumably the stability pool — verify).
    /// @param _stakingSplit Share in BPS stored as yieldSplitStaking.
    function setYieldDistributionParams(uint256 _treasurySplit, uint256 _SPSplit, uint256 _stakingSplit) external onlyOwner {
        uint256 totalBps = _treasurySplit + _SPSplit + _stakingSplit;
        require(totalBps == 10_000, "Splits must add up to 10000 BPS");

        yieldSplitTreasury = _treasurySplit;
        yieldSplitSP = _SPSplit;
        yieldSplitStaking = _stakingSplit;

        emit YieldDistributionParamsUpdated(_treasurySplit, _SPSplit, _stakingSplit);
    }
# Test
1. Create an account and fund it
{
  "address": "",
  "gasLimit": "0x2ffffff",
  "gasPrice": "0x3b9aca000",
  "input": "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",
  "origin": "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe",
  "value": "0x0",
  "blockCoinbase": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "blockDifficulty": "0x0",
  "blockGasLimit": "0x2ffffff",
  "blockNumber": "0x0",
  "blockTime": "0x0",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "undefined"
}
# Test
2. Call the function named setYieldDistributionParams
{
  "address": "0x0901d12ebe1b195e5aa8748e62bd7734ae19b51f",
  "gasLimit": "0xff000",
  "gasPrice": "0xab240044c",
  "input": "0x46a80441676f754a4ec930f0caaf5c5fa284271817e5b1dfc13b2000000000000000003c98908ab5b136cf0f3550a3a05d7bd8e7e75e4e203ec4e00000000000000026c30000000000000000000000000000000000bc000000000000000000000000001100000000000000000000000000000000",
  "origin": "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe",
  "value": "0x0",
  "blockCoinbase": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "blockDifficulty": "0x0",
  "blockGasLimit": "0xff0000",
  "blockNumber": "0x1a9c5",
  "blockTime": "0x291c0b",
  "decodedInput": "setYieldDistributionParams(46785152935922590526799823103473039949827387116086935550960686428820177158204, 69006936301393604896771161905214867903441621397744223940902733845783059113667, 976151809404547594163733309893378065)",
  "name": "setYieldDistributionParams(uint256,uint256,uint256)",
  "hasDecodedInput": "setYieldDistributionParams(46785152935922590526799823103473039949827387116086935550960686428820177158204, 69006936301393604896771161905214867903441621397744223940902733845783059113667, 976151809404547594163733309893378065)",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "setYieldDistributionParams(46785152935922590526799823103473039949827387116086935550960686428820177158204, 69006936301393604896771161905214867903441621397744223940902733845783059113667, 976151809404547594163733309893378065)"
}
# Test
3. Finally, call the function named setYieldDistributionParams again
{
  "address": "0x901d12ebe1b195e5aa8748e62bd7734ae19b51f",
  "blockCoinbase": "0xcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcb",
  "blockDifficulty": "0xa7d7343662e26",
  "blockGasLimit": "0x7d0000",
  "blockNumber": "0x66e393",
  "blockTime": "0x5bfa4639",
  "calldata": "0x46a80441a52017651fffffffffffffffffffffffff8ffffffffff80000000000000027103cd00954280000000000000000000000007000000000000000000000000000001e0fdf46b8000000000000000000000000000000000008000000000000000000",
  "gasLimit": "0x7d000",
  "gasPrice": "0x773594000",
  "input": "0x46a80441a52017651fffffffffffffffffffffffff8ffffffffff80000000000000027103cd00954280000000000000000000000007000000000000000000000000000001e0fdf46b8000000000000000000000000000000000008000000000000000000",
  "name": "setYieldDistributionParams(uint256,uint256,uint256)",
  "origin": "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe",
  "value": "0x0",
  "decodedInput": "setYieldDistributionParams(74688320588802445278720712186491384547504375998540598307549370952155322656528, 27506339489035020065422892624314504364627716782064476683640610082906091552768, 13597429159478730079427380197882018941137891885035489048267602972851715440640)",
  "hasDecodedInput": "setYieldDistributionParams(74688320588802445278720712186491384547504375998540598307549370952155322656528, 27506339489035020065422892624314504364627716782064476683640610082906091552768, 13597429159478730079427380197882018941137891885035489048267602972851715440640)",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "setYieldDistributionParams(74688320588802445278720712186491384547504375998540598307549370952155322656528, 27506339489035020065422892624314504364627716782064476683640610082906091552768, 13597429159478730079427380197882018941137891885035489048267602972851715440640)"
}
# PoC
ActivePool.setYieldDistributionParams(46785152935922590526799823103473039949827387116086935550960686428820177158204, 69006936301393604896771161905214867903441621397744223940902733845783059113667, 976151809404547594163733309893378065);

ActivePool.setYieldDistributionParams(74688320588802445278720712186491384547504375998540598307549370952155322656528, 27506339489035020065422892624314504364627716782064476683640610082906091552768, 13597429159478730079427380197882018941137891885035489048267602972851715440640);

Tools Used

Remix + Mythx

Recommended Mitigation Steps

It is recommended to use vetted safe-math libraries for arithmetic operations consistently throughout the smart contract system.
c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Invalid