Starknet Auction

First Flight #26

Beginner FriendlyNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

ERC20 tokens will cause an overflow

mwendwa

Summary

ERC20 tokens used in the auction that are more than uint64.max()will cause an overflow

Vulnerability Details

uint64 is so small amount to express an ERC20 token, we will not be able to actually use most of normal transfer functions.

type(uint64).max = 18_446_744_073_709_551_615 ~= 18.45e18.

Since the common decimal is 18, this means that if the amount of tokens to transfer/bid exceeds 18.45 we will not be able to recover them, as this will result in overflow.

If we say that the token amount worth 1$, this means that we will not be able to do the transfer that's worth 19$ or more.

Impact

this will result in the inability to use most of ERC20 transfers/bids because of extremely low data size for assets.

Tools Used

Manual review

Recommendations

Change the type of tokens to uint256 instead of uint64.

Updates

Lead Judging Commences

bube Lead Judge 9 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Incorrect use of type `u64` for `amount`

The type `u64` is not sufficient to represent more than 18.45 ERC20 tokens with 18 decimals

Rewards breakdown

nSLOC

132

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.