Submission Details
Severity: high
Valid

TotalFees integer overflow

Summary

The fee calculation in selectWinner can cause an integer overflow when totalFees is updated.

Vulnerability Details

There are two problems with the fee calculation at line 134: totalFees = totalFees + uint64(fee);

  1. If the uint256 fee is converted to uint64 and the value of fee is greater than 2^(64-1) (max value of uint64), an integer overflow happens and the final value wraps to fee % 2^(64-1), so uint64(fee) yields a wrong value.

  2. If totalFees + uint64(fee) exceeds the max value of uint64, another overflow happens, because the sum is not validated the way SafeMath libs do it and the Solidity version is lower than 0.8.0.

Impact

  • Invalid values of totalFees

  • The owner of the contract cannot withdraw fees, since withdrawFee validates that the smart contract balance is equal to totalFees

Recommendations

  • Use SafeMath lib to handle integer overflows correctly

  • Declare totalFees as uint256, since all other variables are uint256 and summing them into a uint64 will likely overflow. Keep variable types consistent.
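
An added example (not part of the submission or the audited contract) that models both overflows in Python, where uint64 conversion keeps only the low 64 bits, and shows their effect on the withdrawal check next to the recommended uint256 accumulation. It assumes the contract balance consists only of accumulated fees; the helper names and sample fee values are constructed for illustration.

```python
# Added example: models unsigned arithmetic in Solidity < 0.8.0 (no overflow checks).
UINT64_MOD = 1 << 64      # a uint64 holds 0 .. 2**64 - 1 (about 18.45 ether in wei)
UINT256_MOD = 1 << 256
WEI_PER_ETHER = 10**18


def to_uint64(value):
    """uint64(x) applied to a uint256: keeps the low 64 bits, drops the rest."""
    return value % UINT64_MOD


def add_fee_vulnerable(total_fees, fee):
    """totalFees = totalFees + uint64(fee); with totalFees stored as uint64."""
    return (total_fees + to_uint64(fee)) % UINT64_MOD  # unchecked add wraps


def add_fee_checked(total_fees, fee):
    """Recommended form: uint256 totalFees with a SafeMath-style checked add."""
    result = total_fees + fee
    if result >= UINT256_MOD:
        raise OverflowError("addition overflow")  # SafeMath would revert here
    return result


def can_withdraw(balance, total_fees):
    """The balance == totalFees check the report attributes to withdrawFee."""
    return balance == total_fees


def simulate(fees):
    """Accumulate per-round fees (wei); return (balance, vulnerable, checked)."""
    # Assumption: the contract balance consists only of the accumulated fees.
    balance = vulnerable = checked = 0
    for fee in fees:
        balance += fee
        vulnerable = add_fee_vulnerable(vulnerable, fee)
        checked = add_fee_checked(checked, fee)
    return balance, vulnerable, checked


# Constructed sample inputs (not taken from the contest).
CAST_CASE = [20 * WEI_PER_ETHER]      # problem 1: one fee larger than uint64 max
SUM_CASE = [10 * WEI_PER_ETHER] * 2   # problem 2: each fee fits, the sum does not

if __name__ == "__main__":
    for name, fees in (("cast", CAST_CASE), ("sum", SUM_CASE)):
        balance, vulnerable, checked = simulate(fees)
        print(name, balance, vulnerable, can_withdraw(balance, vulnerable))
```

In both cases the uint64 accumulator ends up far below the real balance, so the equality check fails, while the uint256 accumulator matches it.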

Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

overflow-uint64
