Unnecessary usage of SafeMath in vesting contracts
#107
Labels
bug
Something isn't working
duplicate
This issue or pull request already exists
G (Gas Optimization)
Comments
code423n4
added
0 (Non-critical)
0xean
added
G (Gas Optimization)
and removed
0 (Non-critical)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
Ruhum
Vulnerability details
Impact
Solidity ^0.8.0 has built-in over- & underflow checks. You don't have to use OpenZeppelin's SafeMath library.
Proof of Concept
https://github.com/code-423n4/2021-11-bootfinance/blob/main/vesting/contracts/AirdropDistribution.sol#L20
https://github.com/code-423n4/2021-11-bootfinance/blob/main/vesting/contracts/AirdropDistribution.sol#L581-L582
https://github.com/code-423n4/2021-11-bootfinance/blob/main/vesting/contracts/InvestorDistribution.sol#L19
https://github.com/code-423n4/2021-11-bootfinance/blob/main/vesting/contracts/InvestorDistribution.sol#L171-L172
https://github.com/code-423n4/2021-11-bootfinance/blob/main/vesting/contracts/Vesting.sol#L20
Multiple calls to
add()andsub()inVesting.solTools Used
Manual Analysis
Recommended Mitigation Steps
Replace with basic solidity operations, e.g.
+and-, etc.The text was updated successfully, but these errors were encountered: