File location:
The 'decodeSingle' function in the 'ExecLib' contract allows setting state variable values without a maximum limit, which can lead to exploits by providing very large values. This can impact the security and integrity of the contract.
In the 'ExecLib' contract, the 'decodeSingle' function does not limit the maximum value that can be assigned to the 'value' variable. When very large values are assigned, this can cause integrity issues with the contract, including potential overflow attacks or unintended resource utilization.
Overflow attack.
Excessive gas consumption.
Potential damage to contract logic.
Manual inspection
Solidity
Code snippet:
L32-L36
Fixed code:
To fix the problem, add logic that ensures 'value' stays within reasonable limits. For example, you can set a maximum limit for 'value'.
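One way to apply such a cap, as an added example that is not the ExecLib code under review. It assumes the input is a packed 20-byte target, a 32-byte value and trailing call data; the names BoundedExecDecode, decodeSingleBounded, BoundedExecDecodeHarness and MAX_VALUE, and the 100 ether limit, are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: a decoder that rejects values above a fixed cap.
/// Assumed layout: target (20 bytes) | value (32 bytes) | callData (rest).
library BoundedExecDecode {
    // Hypothetical limit; choose one that matches the contract's real use.
    uint256 internal constant MAX_VALUE = 100 ether;

    error ExecutionCalldataTooShort(uint256 length);
    error ValueAboveLimit(uint256 value, uint256 limit);

    function decodeSingleBounded(bytes calldata executionCalldata)
        internal
        pure
        returns (address target, uint256 value, bytes calldata callData)
    {
        // 20 bytes of target plus 32 bytes of value must be present.
        if (executionCalldata.length < 52) {
            revert ExecutionCalldataTooShort(executionCalldata.length);
        }
        target = address(bytes20(executionCalldata[0:20]));
        value = uint256(bytes32(executionCalldata[20:52]));
        // Enforce the cap before the value reaches any call or accounting.
        if (value > MAX_VALUE) {
            revert ValueAboveLimit(value, MAX_VALUE);
        }
        callData = executionCalldata[52:];
    }
}

/// Thin wrapper so the library can be exercised from a test.
contract BoundedExecDecodeHarness {
    function decode(bytes calldata executionCalldata)
        external
        pure
        returns (address target, uint256 value, bytes memory callData)
    {
        (target, value, callData) =
            BoundedExecDecode.decodeSingleBounded(executionCalldata);
    }
}
```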