You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
uint256(-1) is used in the function initialize of PrizePool.sol to indicate the max uint256 value. Solidity also allows type(uint256).max), which is easier to read.
Handle
gpersoon
Vulnerability details
Impact
uint256(-1) is used in the function initialize of PrizePool.sol to indicate the max uint256 value. Solidity also allows type(uint256).max), which is easier to read.
Proof of Concept
// https://github.com/code-423n4/2021-06-pooltogether/blob/main/contracts/PrizePool.sol#L233
function initialize (
...
_setLiquidityCap(uint256(-1));
Tools Used
Recommended Mitigation Steps
Replace uint256(-1) with:
type(uint256).max)
The text was updated successfully, but these errors were encountered: