First Flight #2: Puppy Raffle

First Flight #2

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Overflow Vulnerability in totalFees Variable

Chandr

Summary

The smart contract features an overflow vulnerability associated with the totalFees variable. The use of a uint64 data type limits the variable's capacity, potentially causing inaccuracies in the contract's financial data and, in some cases, leading to losses.

Vulnerability Details

The totalFees variable is declared with the uint64 data type, which can represent values up to 18,446,744,073,709,551,615. In a scenario where the contract accumulates more fees than this maximum value (equivalent to approximately 18 ether), an overflow will occur. This overflow leads to an inaccurate representation of the actual contract balance and can result in a loss of funds.

Additionally, when converting uint256 to uint64 in the line totalFees = totalFees + uint64(fee);, the conversion might lead to data loss if the fee value is greater than the maximum value representable by a uint64.

Impact

Inaccurate Financial Data: The totalFees variable will not reflect the true contract balance if the accumulated fees exceed its maximum value. This could mislead users and affect contract operations.
Data Loss: Converting uint256 values to uint64 when updating totalFees can result in a loss of fee data if the fees are substantial.
Loss of Funds: Overflowing totalFees can lead to a situation where funds are unaccounted for, posing financial risks to the contract and users.

Tools Used

manual

Recommendations

Use SafeMath Library: Implement the SafeMath library to handle arithmetic operations securely. This will prevent overflow and data loss issues.
Change Data Type: If the contract expects to accumulate fees exceeding the capacity of uint64, consider changing the data type of totalFees to uint256 to ensure accuracy and prevent overflow.
Data Validation: Implement checks to validate the inputs and outputs of the contract to ensure that data consistency and accuracy are maintained.
Regular Audits and Testing: Conduct regular audits and testing, particularly in scenarios where fees could potentially exceed the uint64 limit.
Documentation: Ensure that the contract's financial data management, including fee accumulation and handling, is well-documented to guide future developers and auditors.

Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

overflow-uint64

Rewards breakdown

nSLOC

143

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.