No protections against underflows while executing withdraw()
In the withdraw
function of the Staking.sol
contract, the amount _amount
is deducted from the staker's balance without any preliminary checks on whether the staker's balance is sufficient for the deduction. The omission of this check can lead to potential underflows, especially in the scenario where _amount
surpasses balances[msg.sender]
.
While Solidity version 0.8.x does automatically revert transactions in the event of an underflow, the absence of an explicit check may lead to confusion for users. Additionally, unnecessary gas could be expended due to the revert, increasing transaction costs for end-users.
Manual Audit
Add a requirement to ensure the staker's balance (balances[msg.sender]
) is greater than or equal to _amount
prior to any deductions.
Idea for adjusted code:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.