Exploit Overflow of Vesting Contract

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0x2298a7229249126b148bc078af30dd6aa987e7b617224c045c4068f1e437844d Severity: high

Description: Description\ The Vesting smart contract, designed for distributing tokens with vesting, contains a potential vulnerability related to the init function due to the absence of the safeMath library. This function allows specifying _initialUnlock percentage to unlock a part of tokens immediately after initialization.

Attack Scenario\ An attacker can exploit a vulnerability in the Vesting contract's registerUsers function to manipulate the totalRegisteredAmount.The attacker deploys a helper malicious contract.exploitOverflow. with the address of the target Vesting contract.The attacker creates two arrays: 1)users( Contains two special addresses (often 0 addresses)) 2) amounts (Contains two values):

• type(uint256).max: The largest possible uint256 value.
• 1: A small value. Then the attacker calls contract.exploitOverflow.This calls vestingContract.registerUsers(users, amounts). In the registerUsers loop, adding type(uint256).max to totalRegisteredAmount causes an overflow. The overflow resets totalRegisteredAmount to a much smaller value. The vulnerability could lead to unfair token distribution.

Attachments

1. Proof of Concept (PoC) File

2. Revised Code File (Optional)

Files:

• Revised.sol (https://hats-backend-prod.herokuapp.com/v1/files/QmQENg9Ba7fQ7n9hZ6jkvD3i5EbVLbfJAZDyEYUNvyVfcx)
• Proof.sol (https://hats-backend-prod.herokuapp.com/v1/files/QmZXru26zKLeNKgZbHd54fsNCn4qMXC5LGxMuJt3WrSB7k)

[0xRektora]

• Vesting is only owner.
• type(uint256).max is an unrealistic value.
• Causing an overflow will simply revert the function.