Description:Description\
The Vesting smart contract, designed for distributing tokens with vesting, contains a potential vulnerability related to the init function due to the absence of the safeMath library. This function allows specifying _initialUnlock percentage to unlock a part of tokens immediately after initialization.
Attack Scenario\
An attacker can exploit a vulnerability in the Vesting contract's registerUsers function to manipulate the totalRegisteredAmount.The attacker deploys a helper malicious contract.exploitOverflow. with the address of the target Vesting contract.The attacker creates two arrays:
1)users( Contains two special addresses (often 0 addresses))
2) amounts (Contains two values):
type(uint256).max: The largest possible uint256 value.
1: A small value.
Then the attacker calls contract.exploitOverflow.This calls vestingContract.registerUsers(users, amounts). In the registerUsers loop, adding type(uint256).max to totalRegisteredAmount causes an overflow.
The overflow resets totalRegisteredAmount to a much smaller value. The vulnerability could lead to unfair token distribution.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x2298a7229249126b148bc078af30dd6aa987e7b617224c045c4068f1e437844d Severity: high
Description: Description\ The Vesting smart contract, designed for distributing tokens with vesting, contains a potential vulnerability related to the init function due to the absence of the safeMath library. This function allows specifying _initialUnlock percentage to unlock a part of tokens immediately after initialization.
Attack Scenario\ An attacker can exploit a vulnerability in the Vesting contract's registerUsers function to manipulate the totalRegisteredAmount.The attacker deploys a helper malicious contract.exploitOverflow. with the address of the target Vesting contract.The attacker creates two arrays: 1)users( Contains two special addresses (often 0 addresses)) 2) amounts (Contains two values):
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
Files: