DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: low
Invalid

Underflow

Summary

Underflow

Vulnerability Details

The vulnerability in lines 13 to 16 is related to the function burnMsgSenderDebt. The function burns the debt of the message sender without checking if the sender has enough balance to cover the debt. This could potentially lead to an underflow error if the sender's balance is less than the debt. The function does check if the wallet balance is less than the debt and reverts if true, but it does not prevent the function from being called in the first place. This could be exploited by an attacker to cause unexpected behavior in the contract.

Tools Used

vscode

Recommendations

The issue can be resolved by adding a require statement at the beginning of the burnMsgSenderDebt function to ensure that the function can only be called if the sender's balance is greater than or equal to the debt. This will prevent the function from being called if the sender does not have enough balance to cover the debt, thus preventing potential underflow errors. Here is the recommended code:

function burnMsgSenderDebt(address asset, uint88 debt) internal {
    IAsset tokenContract = IAsset(asset);
    uint256 walletBalance = tokenContract.balanceOf(msg.sender);
    // Recommended addition: refuse the call outright when the wallet cannot cover the debt
    require(walletBalance >= debt, "Insufficient balance to cover debt");
    // Existing check: revert with the custom error when the wallet balance is below the debt
    if (walletBalance < debt) revert Errors.InsufficientWalletBalance();
    tokenContract.burnFrom(msg.sender, debt);
    // Sanity check: the burn must have reduced the sender's balance
    assert(tokenContract.balanceOf(msg.sender) < walletBalance);
}

This code will ensure that the function can only be called if the sender has enough balance to cover the debt, thus preventing potential underflow errors.
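As an added illustration (not code from the submission or from the DittoETH code base), the following Python model contrasts the guarded burnMsgSenderDebt pattern above with an unguarded burn on a token whose arithmetic wraps, so the reader can see what a uint88 underflow actually produces. The token class, the account name and the balance values are constructed for this example.

```python
# Constructed model of the burnMsgSenderDebt pattern; not DittoETH code.
UINT88_MAX = (1 << 88) - 1  # uint88 wraps modulo 2**88


class InsufficientWalletBalance(Exception):
    """Stands in for the Errors.InsufficientWalletBalance() revert."""


class WrappingToken:
    """Token whose burn uses wrapping (unchecked) arithmetic, so a burn larger
    than the balance underflows instead of reverting."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def burn_from(self, who, amount):
        # Wraps modulo 2**88 rather than reverting on a shortfall
        self.balances[who] = (self.balance_of(who) - amount) & UINT88_MAX


def unguarded_burn(token, sender, debt):
    """Burn with no balance check: shows the underflowed balance."""
    token.burn_from(sender, debt)
    return token.balance_of(sender)


def burn_msg_sender_debt(token, sender, debt):
    """Mirror of the guarded function: revert when the wallet cannot cover
    the debt, otherwise burn and return the new balance."""
    wallet_balance = token.balance_of(sender)
    if wallet_balance < debt:
        raise InsufficientWalletBalance()
    token.burn_from(sender, debt)
    return token.balance_of(sender)


def reverts_on_shortfall(token, sender, debt):
    """True if the guarded burn reverts and leaves the balance untouched."""
    before = token.balance_of(sender)
    try:
        burn_msg_sender_debt(token, sender, debt)
    except InsufficientWalletBalance:
        return token.balance_of(sender) == before
    return False
```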

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
