Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Valid

UNI token transfers are not possible for balances above 2^96 UNI tokens

Summary

The documentation explicitly lists UNI among the ERC20 tokens the protocol will use. UNI has a peculiar characteristic: any transfer of more than 2^96 UNI tokens reverts, as documented in the weird-erc20 GitHub repository:
https://github.com/d-xo/weird-erc20#revert-on-large-approvals--transfers.
This limitation poses a risk, since users may accumulate more than 2^96 UNI tokens in their wallets. Any operation that tries to move such a balance, including a withdrawal of a user's full balance, will consistently revert, potentially leading to a Denial of Service (DoS) scenario.

Vulnerability Details

The contract uses the balanceOf() function to verify the caller's token balance before proceeding with a transfer. However, balanceOf() returns a uint256, so the largest value it can represent is 2^256 - 1.

The UNI token contract caps a single transfer at 2^96 UNI tokens. Although users can amass more than 2^96 UNI tokens in their wallets, any transfer beyond this cap reverts, because the value taken from balanceOf() exceeds what a uint96 can hold.

This vulnerability holds a high-severity rating due to its potential to inflict financial losses on users: anyone who accumulates over 2^96 UNI tokens risks losing access to those tokens, since transfers or withdrawals of their balance hit a Denial of Service (DoS) revert.

Impact

A transfer or withdrawal will revert if the UNI amount exceeds 2^96.

Tools Used

Manual analysis

Recommendations

Contracts interacting with UNI tokens should verify a user's token balance before initiating transfers or withdrawals, so that a transfer does not accidentally revert by exceeding the 2^96 limit.
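As an added illustration of that recommendation (example code, not Steadefi's contract), the hypothetical UniVault below checks both the caller's credited balance and the vault's actual UNI holdings before moving tokens, and splits the transfer into chunks that each fit in uint96 so an amount above the single-transfer cap no longer reverts the whole withdrawal. The UniVault contract, its deposits mapping and the CappedTransfer library are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface used here; UNI exposes both functions.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

/// @notice Hypothetical helper for tokens whose transfer() reverts when the
///         amount does not fit in 96 bits, as UNI does.
library CappedTransfer {
    /// @dev Largest amount UNI accepts in one transfer call (2^96 - 1).
    uint256 internal constant MAX_PER_TRANSFER = type(uint96).max;

    error TransferFailed(address token, address to, uint256 amount);

    /// @notice Sends `amount` of `token` to `to` in chunks that each fit in
    ///         uint96, so a total above the cap no longer reverts the whole call.
    function transferInChunks(IERC20 token, address to, uint256 amount) internal {
        uint256 remaining = amount;
        while (remaining > 0) {
            uint256 chunk = remaining > MAX_PER_TRANSFER ? MAX_PER_TRANSFER : remaining;
            if (!token.transfer(to, chunk)) revert TransferFailed(address(token), to, chunk);
            remaining -= chunk;
        }
    }
}

/// @notice Hypothetical vault (not Steadefi's contract). Deposit accounting is
///         assumed to credit `deposits`; only the withdrawal path is shown.
contract UniVault {
    IERC20 public immutable uni;
    mapping(address => uint256) public deposits;

    error InsufficientBalance(uint256 requested, uint256 available);
    constructor(IERC20 _uni) { uni = _uni; }

    /// @notice Check the caller's credited balance and the vault's actual UNI
    ///         holdings before any transfer, as the Recommendations section asks.
    function withdraw(uint256 amount) external {
        uint256 credited = deposits[msg.sender];
        if (amount > credited) revert InsufficientBalance(amount, credited);
        uint256 held = uni.balanceOf(address(this));
        if (amount > held) revert InsufficientBalance(amount, held);
        deposits[msg.sender] = credited - amount; // effects before the external call
        CappedTransfer.transferInChunks(uni, msg.sender, amount);
    }
}
```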

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

UNI token transfer limit 2^96

The likelihood is very low.
