search

code-423n4 / 2023-10-wildcat-findings

12 stars 9 forks source link

An underflow occurred during the token transfer. #712

Closed c4-submissions closed 10 months ago

c4-submissions commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/market/WildcatMarketToken.sol#L41-L57

Vulnerability details

Impact

An underflow can occur during a token transfer when there is insufficient allowance.

Proof of Concept

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/market/WildcatMarketToken.sol#L41-L57

  function transferFrom(
    address from,
    address to,
    uint256 amount
  ) external virtual nonReentrant returns (bool) {
    uint256 allowed = allowance[from][msg.sender];

    // Saves gas for unlimited approvals.
    if (allowed != type(uint256).max) {
      uint256 newAllowance = allowed - amount;
      _approve(from, msg.sender, newAllowance);
    }

    _transfer(from, to, amount);

    return true;
  }

In this function, an underflow may occur with the line: uint256 newAllowance = allowed - amount; This will result in an invalid operation.

Tools Used

Recommended Mitigation Steps

To prevent this case, you should include a require statement. Here's how you can modify the code:

require(allowed >= amount, "Insufficient allowance");
uint256 newAllowance = allowed - amount;

Assessed type

Under/Overflow

c4-pre-sort commented 10 months ago

minhquanym marked the issue as low quality report

minhquanym commented 10 months ago

Invalid

c4-judge commented 10 months ago

MarioPoneder marked the issue as unsatisfactory: Invalid