search

sherlock-audit / 2024-01-rio-vesting-escrow-judging

3 stars 2 forks source link

KeyKiril - No validation check might cause negative impact on the state of the contract in the `claim` function #50

Closed sherlock-admin closed 9 months ago

sherlock-admin commented 9 months ago

KeyKiril

medium

No validation check might cause negative impact on the state of the contract in the claim function

Summary

Without the validation check, the function will allow claims with amount of zero. This could lead to unexpected behaviour or undesired state changes in the contract.

Vulnerability Detail

The claim function appears to be designed to allow a recipient to claim vested tokens from the smart contract.

function claim(address beneficiary, uint256 amount) external onlyRecipient returns (uint256) {
        uint256 claimable = Math.min(unclaimed(), amount);
        totalClaimed += claimable;

        token().safeTransfer(beneficiary, claimable);
        emit Claim(beneficiary, claimable);

        return claimable;
    }

This is attack scenario:

Without the amount > 0 check, the totalClaimed variable could be incremented by a negative value if a malicious user sends a transaction with a negative amount. This could lead to unintended behaviour and negative values for totalClaimed, which may affect subsequent calculations and contract logic.

Including the check require(amount > 0, "Invalid amount") is a good practice to ensure that the amount parameter is valid and positive, preventing potential negative impacts on the contract's state.

Impact

Possible to fully block claim function. And no one will be able to claim their vested tokens.

Code Snippet

https://github.com/sherlock-audit/2024-01-rio-vesting-escrow/blob/main/rio-vesting-escrow/src/VestingEscrow.sol#L136C1-L136C1

Tool used

Manual Review

Recommendation

Consider adding a require check in the claim function. 

require(amount > 0, "Invalid amount");

This line ensures that the amount parameter is greater than zero before proceeding with the claim operation.

nevillehuang commented 9 months ago

Invalid, amount is an uint256 that cannot take negative values.

sherlock-admin2 commented 9 months ago

1 comment(s) were left on this issue during the judging contest.

pratraut commented:

'invalid as amount is of type uint256 which cant store negative values'