search

zlsecure3 / review_star

0 stars 0 forks source link

Airdrop's supplied check is flawed #35

Open zlsecure3 opened 1 year ago

zlsecure3 commented 1 year ago

subject

Airdrop's supplied check is flawed

description

In the Airdrop module, the airdrop function is used to airdrop Credits to users. It will check that the sum of the required airdrop Credit amount and the current total supply must be less than or equal to maxmium_supply. However, in the actual inspection, the >= operation symbol is used incorrectly, which will cause airdrop to not work as expected.

recommendation

It is recommended to change >= to <=.

Consider below fix in the Airdrop::airdrop function

assert!(amount + credit_service.supplied <= credit_service.maxmium_supply,SUPPLY_OVERFLOW);

locations

severity

Critical

damage

exploitability

category

Logical

system_generated: auditor:Kong7ych3 submission_id:1469202717

zlsecure3 commented 1 year ago

grading (edit)

submission_id:1469202717

review_type:GRADING

result: TBD-yes,no

rating: TBD-123

comment: TBD-Rejected,Accepted by Secure3.

severity: TBD-Critical,Medium,Low,Informational

category:

description:

zlsecure3 commented 1 year ago

client feedback (manual copy)

submission_id:1469202717

review_type:CLIENT_FEEDBACK

result: TBD-yes,no

severity: TBD-Critical,Medium,Low,Informational

comment:

zlsecure3 commented 1 year ago

client feedback decision(edit)

submission_id:1469202717

review_type:CLIENT_FEEDBACK_DECISION

result: TBD-yes,no,yes-honored,no-honored

severity: TBD-Critical,Medium,Low,Informational

comment: