Open pirapira opened 5 years ago
Ran Mythril today, adding the two not already included in this issue:
==== Dependence on predictable environment variable ====
SWC ID: 120
Severity: Low
Contract: UserDeposit
Function name: withdraw(uint256)
PC address: 2482
Estimated Gas Usage: 27557 - 144126
A control flow decision is made based on a predictable variable.
The block.number environment variable is used in to determine a control flow decision. Note that the values of variables like coinbase, gaslimit, block number and timestamp are predictable and can be manipulated by a malicious miner. Also keep in mind that attackers know hashes of earlier blocks. Don't use any of those environment variables for random number generation or to make critical control flow decisions.
--------------------
In file: UserDeposit.sol:175
require(withdraw_plan.withdraw_block <= block.number, "withdrawing too early")
--------------------
==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: UserDeposit
Function name: planWithdraw(uint256)
PC address: 1781
Estimated Gas Usage: 12701 - 54467
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
--------------------
In file: UserDeposit.sol:159
block.number + withdraw_delay