Status: Closed (sherlock-admin2 closed this issue 7 months ago)
ZdravkoHr.

high

Users able to deposit over maxAllocation because of wrong implementation of TokenSale.calculateMaxAllocation()
Summary

Instead of using `maxAllocation` as a ceiling for deposits, it is used as a floor.
Vulnerability Detail

`TokenSale.calculateMaxAllocation()` returns $\max(\text{userAllocation}, \text{maxAllocation})$ instead of the minimum of the two. This means that users can deposit over the `maxAllocation` limit.
Impact

Breaks a core invariant of the protocol and leads to unfair distribution.
Code Snippet

```solidity
function calculateMaxAllocation(address _sender) public returns (uint256) {
    uint256 userMaxAllc = _maxTierAllc(_sender);
    // Returns the LARGER of the two values, so maxAllocation acts as a floor, not a ceiling.
    if (userMaxAllc > maxAllocation) {
        return userMaxAllc;
    } else {
        return maxAllocation;
    }
}
```
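To make the floor-versus-ceiling behaviour concrete, here is an added, self-contained illustration (not the audited project's code): a minimal sale contract holding both the vulnerable comparison and the corrected one, plus an assumed `deposit()` path that enforces the returned cap. The storage layout, `_maxTierAllc()` stand-in, `setTierAllocation()` helper and `deposit()` function are constructed for this example and are not taken from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed illustration of the finding; not the audited TokenSale contract.
contract AllocationCapDemo {
    uint256 public maxAllocation;                       // protocol-wide ceiling per user
    mapping(address => uint256) public tierAllocation;  // per-user tier allocation (assumed)
    mapping(address => uint256) public deposited;       // running total per user

    constructor(uint256 _maxAllocation) {
        maxAllocation = _maxAllocation;
    }

    // Illustration-only helper with no access control; a real sale would restrict
    // this to an admin role or derive the value from the user's tier.
    function setTierAllocation(address _user, uint256 _amount) external {
        tierAllocation[_user] = _amount;
    }

    // Stand-in for the project's _maxTierAllc(): the caller's tier allocation.
    function _maxTierAllc(address _sender) internal view returns (uint256) {
        return tierAllocation[_sender];
    }

    // Vulnerable form: returns max(userMaxAllc, maxAllocation), so a tier
    // allocation above maxAllocation is returned unchanged and the cap is a floor.
    function calculateMaxAllocationVulnerable(address _sender) public view returns (uint256) {
        uint256 userMaxAllc = _maxTierAllc(_sender);
        return userMaxAllc > maxAllocation ? userMaxAllc : maxAllocation;
    }

    // Fixed form: returns min(userMaxAllc, maxAllocation), so maxAllocation is
    // a true ceiling regardless of the tier value.
    function calculateMaxAllocationFixed(address _sender) public view returns (uint256) {
        uint256 userMaxAllc = _maxTierAllc(_sender);
        return userMaxAllc < maxAllocation ? userMaxAllc : maxAllocation;
    }

    // Assumed deposit path: the cap must come from the fixed form, otherwise the
    // require() below lets a high-tier user exceed maxAllocation.
    function deposit(uint256 _amount) external {
        uint256 cap = calculateMaxAllocationFixed(msg.sender);
        require(deposited[msg.sender] + _amount <= cap, "over allocation");
        deposited[msg.sender] += _amount;
    }

    // Invariant a test suite can assert for any user: the enforced cap never
    // exceeds maxAllocation.
    function capRespectsCeiling(address _user) external view returns (bool) {
        return calculateMaxAllocationFixed(_user) <= maxAllocation;
    }
}
```

With `maxAllocation = 1000` and a user whose tier allocation is set to `5000`, `calculateMaxAllocationVulnerable` returns `5000` and would let the deposit path accept the full 5000, while `calculateMaxAllocationFixed` returns `1000` and `deposit(5000)` reverts with "over allocation". `capRespectsCeiling` is the property a regression test should assert for every tier.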
Tool used

Manual Review

Recommendation
function calculateMaxAllocation(address _sender) public returns (uint256) { uint256 userMaxAllc = _maxTierAllc(_sender); - if (userMaxAllc > maxAllocation) { + if (userMaxAllc < maxAllocation) { return userMaxAllc; } else { return maxAllocation; } }
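Review bot: flipping the comparison to `if (userMaxAllc < maxAllocation)` makes the function return min(userMaxAllc, maxAllocation), which matches the ceiling semantics stated in the summary; the equal case returns `maxAllocation`, which is the same value, so no edge case is introduced. Since the finding is that users can deposit over the limit, pair the change with a test asserting that `calculateMaxAllocation` never exceeds `maxAllocation` for any tier and that the deposit path rejects amounts above the returned value.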