zlsecure3 / review_star

0 stars 0 forks source link

The logic of `assert` is wrong. #28

Open zlsecure3 opened 1 year ago

zlsecure3 commented 1 year ago

subject

The logic of assert is wrong.

description

The logic of assert!(amount + credit_service.supplied >= credit_service.maxmium_supply,SUPPLY_OVERFLOW); is wrong. This assert cause the amount of airdrops exceeds the set maximum maxmium_supply. For example, the value of maxmium_supply is 100, and supplied is 0. The amount must be no less than 100.

recommendation

It is recommended to modify the code(Line 40) to assert!(amount + credit_service.supplied <= credit_service.maxmium_supply,SUPPLY_OVERFLOW);.

locations

severity

Critical

damage

exploitability

category

Logical


system_generated: auditor:0xac submission_id:1466810144

zlsecure3 commented 1 year ago

grading (edit)


submission_id:1466810144


review_type:GRADING


result: TBD-yes,no


rating: TBD-123


comment: TBD-Rejected,Accepted by Secure3.


severity: TBD-Critical,Medium,Low,Informational


category:


description:


zlsecure3 commented 1 year ago

client feedback (manual copy)


submission_id:1466810144


review_type:CLIENT_FEEDBACK


result: TBD-yes,no


severity: TBD-Critical,Medium,Low,Informational


comment:


zlsecure3 commented 1 year ago

client feedback decision(edit)


submission_id:1466810144


review_type:CLIENT_FEEDBACK_DECISION


result: TBD-yes,no,yes-honored,no-honored


severity: TBD-Critical,Medium,Low,Informational


comment: