Integer overflow/underflow
Summary
The code doesn't directly check for overflow or underflow. It simply increments or decrements the count without any boundary checks. If countMartenitsaTokensOwner[owner] is already 0 (meaning the address owns zero tokens), then subtracting 1 would result in an underflow. In Solidity, underflow with unsigned integers (like uint) wraps around to the maximum value instead of throwing an error. If countMartenitsaTokensOwner[owner] is already at its maximum value for an unsigned integer (uint256), adding 1 to it will cause an integer overflow. Solidity doesn't automatically revert when an overflow occurs, so without additional checks, the overflow will result in unexpected behavior and potential security vulnerabilities
Vulnerability Details
file: src/MartenitsaToken.sol
function updateCountMartenitsaTokensOwner(address owner, string memory operation) external {
...
countMartenitsaTokensOwner[owner] += 1;
...
countMartenitsaTokensOwner[owner] -= 1;
...
}
Impact
An attacker may exploit an integer overflow to bypass access controls, mint tokens arbitrarily, or drain funds from the contract
Tools Used
Manual inspection
Recommendations
Use SafeMath library functions to perform arithmetic operations safely, ensuring that no overflow or underflow occurs.
Lead Judging Commences
underflow
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.