Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Valid

Transfer Limit of UNI Tokens May Lead to a DoS and Token Loss Risk

Summary

Users who accumulate more than 2^96 UNI tokens may lose their tokens, because transfers above that amount always revert.

Vulnerability Details

The UNI token contract imposes a transfer limit, restricting the maximum amount of tokens that can be transferred in a single transaction to 2^96 UNI tokens. Any transfer exceeding this threshold will trigger a transaction revert. The contract relies on the balanceOf function to verify the sender's token balance before proceeding with a transfer.

self.tokenA.safeTransfer(self.withdrawCache.user, self.tokenA.balanceOf(address(this)));

Such a transfer will always revert for balances above 2^96 UNI tokens.

https://github.com/d-xo/weird-erc20#revert-on-large-approvals--transfers

Impact

Users who accumulate more than 2^96 UNI tokens may lose their tokens due to a DoS revert when attempting to withdraw their token balance.

Tools Used

https://github.com/d-xo/weird-erc20#revert-on-large-approvals--transfers

Recommendations

Contracts should always check the amount of UNI being transferred before processing the transaction.
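
One way to implement the recommended check, as an added example that is not Steadefi's code or part of the submission: a library that keeps every transfer call within 96 bits, next to a constructed mock token that models the revert behaviour described in the weird-erc20 link. The names IERC20Min, Capped96Token, BoundedTransfer and sendAll are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal token interface (assumption: only these two calls are needed).
interface IERC20Min {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed stand-in for a token that reverts on amounts wider than 96 bits.
// Balances are kept as uint256 here so the failure mode can be reproduced in a test.
contract Capped96Token is IERC20Min {
    mapping(address => uint256) public override balanceOf;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function transfer(address to, uint256 amount) external override returns (bool) {
        require(amount <= type(uint96).max, "amount exceeds 96 bits");
        balanceOf[msg.sender] -= amount; // checked arithmetic reverts on underflow
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical helper: checks the amount before each transfer call.
library BoundedTransfer {
    uint256 internal constant MAX_TRANSFER = type(uint96).max;

    // Sends the caller contract's whole balance of `token` to `to`.
    // A single transfer(to, balanceOf(address(this))) would revert once the
    // balance exceeds MAX_TRANSFER; splitting it keeps each call in range.
    function sendAll(IERC20Min token, address to) internal returns (uint256 sent) {
        uint256 remaining = token.balanceOf(address(this));
        while (remaining > 0) {
            uint256 chunk = remaining > MAX_TRANSFER ? MAX_TRANSFER : remaining;
            require(token.transfer(to, chunk), "transfer failed");
            remaining -= chunk;
            sent += chunk;
        }
    }
}
```

In a Foundry or Hardhat test, deploying Capped96Token with a supply above type(uint96).max and funding a contract that calls BoundedTransfer.sendAll shows the withdrawal completing in two calls where the single-call form reverts.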

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

UNI token transfer limit 2^96

The likelihood is very low.
