The payback() function takes the value of the incoming payment (in msg.value) and converts it to a uint96 (an unsigned 96-bit integer) using the toUint96() method. The converted value is then added to an internal variable called $_payback.if the payback function is called multiple times and the values sent in each call are added to the $_payback variable without checking for overflow.
Vulnerability Detail
There is a potential security issue with below code related to integer overflow. In Solidity, uint96 is an unsigned integer type that can hold values from 0 to 2^96-1, which is a very large number. However, if the payback function is called multiple times and the values sent in each call are added to the $_payback variable without checking for overflow, the variable may eventually exceed its maximum value . This can lead to unexpected behavior in the contract. To prevent this, it is important to check the value of $_payback before adding any new values and to take appropriate measures to avoid integer overflow.
Bauer
medium
Overflow error
Summary
The
payback()
function takes the value of the incoming payment (in msg.value) and converts it to a uint96 (an unsigned 96-bit integer) using the toUint96() method. The converted value is then added to an internal variable called $_payback.if the payback function is called multiple times and the values sent in each call are added to the $_payback variable without checking for overflow.Vulnerability Detail
There is a potential security issue with below code related to integer overflow. In Solidity, uint96 is an unsigned integer type that can hold values from 0 to 2^96-1, which is a very large number. However, if the payback function is called multiple times and the values sent in each call are added to the $_payback variable without checking for overflow, the variable may eventually exceed its maximum value . This can lead to unexpected behavior in the contract. To prevent this, it is important to check the value of $_payback before adding any new values and to take appropriate measures to avoid integer overflow.
Impact
Overflow error
Code Snippet
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/SwapperImpl.sol#L197-L200
Tool used
Manual Review
Recommendation
Check the value of $_payback before adding any new values