Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2023-03-zksync/blob/21d9a364a4a75adfa6f1e038232d8c0f39858a64/contracts/L2EthToken.sol#L85
calculating balance[address(this)] within unchecked will cause underflow.
Say if balance[address(this) == 1 and msg.value == 2, after calling withdraw, balance[address(this)] will be type(uint256).max
function underFlow(uint a, uint b) public pure returns(uint) { uint c; unchecked { c = a - b; } return c; }
VS
moving balance[address(this)] -= amount; out of unchecked
+ balance[address(this)] -= amount; unchecked { - balance[address(this)] -= amount; totalSupply -= amount; }
GalloDaSballo marked the issue as duplicate of #110
GalloDaSballo marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-03-zksync/blob/21d9a364a4a75adfa6f1e038232d8c0f39858a64/contracts/L2EthToken.sol#L85
Vulnerability details
Impact
calculating balance[address(this)] within unchecked will cause underflow.
Say if balance[address(this) == 1 and msg.value == 2, after calling withdraw, balance[address(this)] will be type(uint256).max
Proof of Concept
Tools Used
VS
Recommended Mitigation Steps
moving balance[address(this)] -= amount; out of unchecked