First Flight #16: Mafia Takedown
First Flight #16
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Arithmetic underflow error when calling `Shelf.sol::withdraw`

coffee

Summary

If a gang member calls Laundrette.sol::takeGuns or Laundrette.sol::withdrawMoney and they try to take more than they have deposited, then the call will fail with an arithmetic underflow error.

Vulnerability Details

Because there are no checks if the value being withdrawn is greater than the deposited amount, it can return with an arithmetic underflow error when calling Shelf.sol::withdraw.

function withdraw(address account, uint256 amount) public permissioned {
@> bank[account] -= amount;
}

Impact

The tests below fail with arithmetic underflow error's when a gang member tries to withdraw more than they have deposited.

//Arithmetic underflow
function test_WithdrawTooManyWeapon() public {
joinGang(address(this));
vm.prank(gang);
laundrette.takeGuns(gang, 3);
assertEq(weaponShelf.getAccountAmount(address(this)), 0);
}
//Arithmetic underflow
function test_WithdrawTooMuchMoney() public {
joinGang(address(this));
vm.prank(gang);
laundrette.withdrawMoney(gang, gang, 100e6);
assertEq(usdc.balanceOf(address(this)), 100e6);
assertEq(usdc.balanceOf(address(moneyShelf)), 0);
assertEq(crimeMoney.balanceOf(address(this)), 0);
}

Tools Used

--Foundry

Recommendations

It is recommended to add a check and revert if they are trying to withdraw more than they have deposited.

function withdraw(address account, uint256 amount) public permissioned {
+ require(amount < bank[account], "Unable to withdraw more than the deposited amount!");
bank[account] -= amount;
}
Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.