Airdrop::claim() Function (Risk of Overflow)

Description:
The Airdrop::claim() function in the Airdrop contract lacks explicit protection against overflow when it calculates numberOfDaysInCouple and then derives the token amount to distribute. The risk arises from the unchecked multiplication of numberOfDaysInCouple by 10 ** loveToken.decimals().
Impact:
The impact is significant: the calculation can yield an incorrect token amount or leave the contract malfunctioning. If numberOfDaysInCouple becomes large enough, the product overflows, producing unexpected behaviour or loss of funds.
Proof of Concept:
The Airdrop::claim() function, specifically the numberOfDaysInCouple. However, in the provided test case testInvariantStatelessFuzz_ClaimWillOverflow, the attempt to trigger an overflow.
Recommended Mitigation:
To mitigate this vulnerability, it's recommended to implement checks to prevent potential overflow scenarios. One approach is to use SafeMath or similar libraries to perform arithmetic operations safely. Additionally, consider validating input parameters and implementing sanity checks to ensure the integrity of calculations.
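As an added illustration (not the Airdrop contract's own code), here is the product described above inside an unchecked block, where it wraps silently, beside a form that bounds the input and checks the product explicitly. Solidity 0.8 and later already reverts on checked arithmetic, so the input bound is what turns an out-of-range value into a clear revert with a reason string. The interface, contract name, function names and the day limit are assumptions; only numberOfDaysInCouple and loveToken.decimals() come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the project's contract. Only numberOfDaysInCouple
// and loveToken.decimals() come from the finding; everything else is assumed.
interface ILoveToken {
    function decimals() external view returns (uint8);
}

contract ClaimAmountExample {
    ILoveToken public immutable loveToken;

    // Assumed sanity bound: no couple can plausibly exceed this many days.
    uint256 public constant MAX_DAYS_IN_COUPLE = 365 * 1000;

    constructor(ILoveToken token) {
        loveToken = token;
    }

    // Reproduces the risky computation: inside `unchecked`, a product larger
    // than type(uint256).max silently wraps instead of reverting, so the
    // caller receives a wrong (much smaller) token amount.
    function amountUnchecked(uint256 numberOfDaysInCouple) external view returns (uint256) {
        unchecked {
            return numberOfDaysInCouple * 10 ** loveToken.decimals();
        }
    }

    // Hardened form: an explicit input bound plus Solidity >=0.8 checked
    // arithmetic, so an out-of-range value reverts with a clear reason
    // instead of producing a wrong token amount.
    function amountChecked(uint256 numberOfDaysInCouple) external view returns (uint256) {
        require(numberOfDaysInCouple <= MAX_DAYS_IN_COUPLE, "days out of range");
        uint256 unit = 10 ** loveToken.decimals();
        // Makes the overflow condition explicit even if this code is ever
        // moved into an unchecked block or compiled with an older compiler.
        require(numberOfDaysInCouple <= type(uint256).max / unit, "amount overflow");
        return numberOfDaysInCouple * unit;
    }
}
```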