Closed by sherlock-admin 5 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, deposit amounts will not reach that kind of level given rETH supply. For your info that number is uint256.max
Fair enough if deposit amounts can never reach that kind of level given rETH supply, so no risk to protocol then.
And thanks for pointing out that the number that was causing all the reverts during fuzzing is actually uint256.max. Makes sense now. 👀
JP_Courses
medium
Arithmetic underflow/overflow when deposit amount is +- 1.157e77
Summary
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L524-L568
Arithmetic underflow/overflow when deposit amount is around
115792089237316195423570985008687907853269984665640564039457584007913129639933
Vulnerability Detail
ANOTHER TEST WITH DIFFERENT DEPOSIT, ALTHOUGH THIS IS MORE THE EXCEPTION:
Impact
Reverts or panics, tx doesn't complete.
Code Snippet
TEST FUNCTION:
Tool used
Foundry's fuzzer. Manual Review
Recommendation
Needs further investigation as I didn't have enough time to get to the bottom of why this is happening as well as overall impacts on the protocol & users.