c4-judge
commented
8 months ago Picodes marked the issue as satisfactory
Open c4-bot-5 opened 8 months ago
c4-judge
commented
8 months ago Picodes marked the issue as satisfactory
c4-judge
commented
8 months ago Picodes marked the issue as confirmed for report
Lines of code
Vulnerability details
Summary
H-04 talked about the possibility of the
virtualRewardsToAddbeing more thantype(uint128).maxand hence impacting reward variables here.Mitigation
All calculations related to rewards are now represented in
uint256. The attack was based on the ability of the first depositor to donate some SALT and cause the calculation to surpass the limit. This is not practically possible now due to the prerequisite values being ridiculously high.Conclusion
LGTM