Starknet Auction

First Flight #26
Beginner Friendly, NFT
100 EXP
Submission Details
Severity: high
Valid

ERC20 tokens will cause an overflow

Summary

ERC20 amounts used in the auction that exceed u64::MAX (2^64 - 1) cannot be represented by the `u64` `amount` field and cause an overflow.

Vulnerability Details

u64 is far too narrow to hold an ERC20 amount in base units, so most ordinary transfers and bids cannot be expressed in the auction at all.

u64::MAX = 2^64 - 1 = 18_446_744_073_709_551_615 ≈ 18.45e18.

ERC20 tokens commonly use 18 decimals, so one whole token is 1e18 base units and a `u64` `amount` tops out at about 18.45 tokens. Any bid or transfer above that does not fit in the field: in Cairo the conversion or arithmetic fails (integer overflow panics rather than wrapping), so the call reverts and the auction cannot process the amount.

If one token is worth $1, no bid or transfer worth $19 or more can be placed.
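The following is an added example, not code from the Starknet Auction project: it models the width problem in Rust, whose `u64` has exactly the range of Cairo's `u64`. `u64::try_from` and `checked_add` stand in for Cairo's failing `try_into` and panicking integer arithmetic, and `u128` stands in for Cairo's `u256` (the type the Starknet ERC20 interface uses for amounts; `u128` is wide enough to make the point). The helper names are the example's own.

```rust
// Added example (not from the Starknet Auction code base): shows why a u64
// `amount` cannot hold realistic 18-decimal ERC20 amounts. Rust's u64 has the
// same range as Cairo's u64; u128 here plays the role of Cairo's u256.

const DECIMALS: u32 = 18;

/// One whole token in base units for an 18-decimal ERC20 (10^18).
const ONE_TOKEN: u128 = 10u128.pow(DECIMALS);

/// Whole tokens expressed in base units (u128 here, u256 on Starknet).
pub fn tokens(n: u128) -> u128 {
    n * ONE_TOKEN
}

/// Largest number of whole 18-decimal tokens a u64 can hold: 18.
pub fn max_whole_tokens_u64() -> u128 {
    u64::MAX as u128 / ONE_TOKEN
}

/// The narrowing the auction performs by typing `amount` as u64.
/// Returns None when the ERC20 amount does not fit, mirroring a failed
/// u256 -> u64 `try_into` in Cairo.
pub fn to_u64_amount(amount: u128) -> Option<u64> {
    u64::try_from(amount).ok()
}

/// Accumulating bids in a u64: two bids of 10 tokens each fit individually,
/// but their sum (20e18) exceeds u64::MAX. checked_add returns None where
/// Cairo's u64 addition would panic with an overflow error.
pub fn total_bids_u64(bids: &[u64]) -> Option<u64> {
    bids.iter().try_fold(0u64, |acc, &b| acc.checked_add(b))
}

/// The same accumulation with a wide amount type (u128 here, u256 on Starknet).
pub fn total_bids_wide(bids: &[u128]) -> Option<u128> {
    bids.iter().try_fold(0u128, |acc, &b| acc.checked_add(b))
}

fn main() {
    println!("u64 holds at most {} whole 18-decimal tokens", max_whole_tokens_u64());
    for n in [1u128, 18, 19, 1_000] {
        match to_u64_amount(tokens(n)) {
            Some(v) => println!("{n} tokens = {v} base units: fits in u64"),
            None => println!("{n} tokens = {} base units: does NOT fit in u64", tokens(n)),
        }
    }
    let ten = to_u64_amount(tokens(10)).expect("10 tokens fit in u64");
    println!("10 + 10 tokens in u64:  {:?}", total_bids_u64(&[ten, ten]));
    println!("10 + 10 tokens in u128: {:?}", total_bids_wide(&[tokens(10), tokens(10)]));
}
```

Run with `cargo run` or `rustc`: 1 and 18 tokens fit, 19 and 1 000 do not, and summing two 10-token bids already overflows the 64-bit accumulator while the wide type handles it. The same arithmetic is what makes `u256` the right type for `amount`.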

Impact

Most ERC20 transfers and bids cannot be processed by the auction, because the asset amount is stored in a type far too small for 18-decimal token amounts.

Tools Used

Manual review

Recommendations

Type `amount` as `u256`, the type the Starknet ERC20 interface uses for balances and transfer amounts, instead of `u64`.

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect use of type `u64` for `amount`

The type `u64` is not sufficient to represent more than 18.45 ERC20 tokens with 18 decimals
