code-423n4 / 2023-05-maia-findings


The code uses arithmetic operations without explicitly checking for possible overflows or underflows #830

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-maia/blob/cfed0dfa3bebdac0993b1b42239b4944eb0b196c/src/erc-20/ERC20MultiVotes.sol#L43

Vulnerability details

Impact

The impact of the Integer Overflow/Underflow vulnerability can be summarized as follows:

Proof of Concept

The potential Integer Overflow/Underflow vulnerability can be found in the following line of code: LINK

return balanceOf[account] - userDelegatedVotes[account];

In this line, the subtraction operation (-) is performed between balanceOf[account] and userDelegatedVotes[account]. If balanceOf[account] is smaller than userDelegatedVotes[account], an underflow can occur, resulting in unexpected behavior and potential vulnerabilities.

Tools Used

Manual Review

Recommended Mitigation Steps

To fix the Integer Overflow/Underflow vulnerability in the code, we can add a check to ensure that balanceOf[account] is greater than or equal to userDelegatedVotes[account] before performing the subtraction operation. Here's an example of how we can modify the code to address this issue:

function freeVotes(address account) public view virtual returns (uint256) {
    uint256 accountBalance = balanceOf[account];
    uint256 delegatedVotes = userDelegatedVotes[account];

    if (accountBalance < delegatedVotes) {
        // Handle the error condition (e.g., revert, return a default value, etc.)
        revert("Insufficient account balance");
    }

    return accountBalance - delegatedVotes;
}

By adding this check, the code ensures that the freeVotes function will only return a value if accountBalance is greater than or equal to delegatedVotes. If accountBalance is less than delegatedVotes, it will revert the transaction with an appropriate error message.

Assessed type

Under/Overflow
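
Added example, not part of the report and not code from the Maia repository: the reported subtraction under the three arithmetic modes a reviewer has to tell apart when triaging an underflow claim. The contract name FreeVotesDemo, the set helper and the ^0.8.0 pragma are assumptions; the report does not state which compiler version the audited contract targets.

```solidity
// SPDX-License-Identifier: MIT
// Assumption: a 0.8.x compiler. The report does not state the audited pragma.
pragma solidity ^0.8.0;

/// Hypothetical demo contract. Only the two mapping names and freeVotes
/// are taken from the report; everything else is constructed for illustration.
contract FreeVotesDemo {
    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public userDelegatedVotes;

    /// Hypothetical test helper: writes both values with no invariant enforced,
    /// so the delegated > balance case can be exercised.
    function set(address account, uint256 bal, uint256 delegated) external {
        balanceOf[account] = bal;
        userDelegatedVotes[account] = delegated;
    }

    /// The reported line as written. From Solidity 0.8.0 the compiler emits an
    /// underflow check, so delegated > balance reverts with Panic(0x11).
    function freeVotes(address account) public view returns (uint256) {
        return balanceOf[account] - userDelegatedVotes[account];
    }

    /// The report's mitigation. Under 0.8.x it reverts on exactly the same
    /// inputs as freeVotes; only the revert data differs (Error(string)).
    function freeVotesExplicit(address account) public view returns (uint256) {
        uint256 accountBalance = balanceOf[account];
        uint256 delegatedVotes = userDelegatedVotes[account];
        require(accountBalance >= delegatedVotes, "Insufficient account balance");
        return accountBalance - delegatedVotes;
    }

    /// Wrapping arithmetic, which is the behaviour before 0.8.0 or inside an
    /// unchecked block: balance 1, delegated 2 returns 2**256 - 1 and does not revert.
    function freeVotesUnchecked(address account) public view returns (uint256) {
        unchecked {
            return balanceOf[account] - userDelegatedVotes[account];
        }
    }
}
```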

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Invalid