SafeMath is a library used to prevent integer overflow and underflow
Report ID
#23839
Report type
Smart Contract
Has PoC?
Yes
Target
Impacts
Contract fails to deliver promised returns, but doesn't lose value
Description
The ERC20Burnable contract could potentially lead to a vulnerability. SafeMath is a library used to prevent integer overflow and underflow issues, which are common sources of vulnerabilities in Ethereum smart contracts.
In the burnFrom function, the contract subtracts amount from decreasedAllowance, and if the allowance is not sufficient (decreasedAllowance becomes negative), it will revert. This subtraction operation could potentially cause an integer underflow, leading to unexpected behavior.
To mitigate this potential vulnerability, you should include SafeMath operations when dealing with arithmetic operations involving unsigned integers. Here's how you can modify the burnFrom function to use SafeMath:
Proof of concept
    using SafeMath for uint256; // needed for the .sub() call below (pre-0.8 OpenZeppelin style)

    function burnFrom(address account, uint256 amount) public virtual {
        uint256 currentAllowance = allowance(account, _msgSender());
        // explicit check runs before any arithmetic
        require(currentAllowance >= amount, "ERC20: burn amount exceeds allowance");
        // SafeMath.sub reverts on underflow; the require above already rules it out
        uint256 decreasedAllowance = currentAllowance.sub(amount);
        _approve(account, _msgSender(), decreasedAllowance);
        _burn(account, amount);
    }
BIC Response
This is not a valid bug report because SafeMath is already implemented in this case. This report appears to be spam.
Due to these reasons, we are closing the submission and no reward will be issued.
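Added illustration of the point at issue (example code written for this page; it is neither the reporter's PoC nor OpenZeppelin's contracts): a minimal contract with the same burnFrom shape as the report, compiled with Solidity >=0.8 checked arithmetic, plus a Foundry test. The contract name, the hypothetical holder/spender addresses and the forge-std import path are assumptions. The test shows that an amount above the allowance reverts with the require message and leaves the allowance untouched, and that the only way to produce the wrap the report worries about is an explicit `unchecked` block. On 0.7 and earlier the same function would use `using SafeMath for uint256` and `currentAllowance.sub(amount)`, which reverts in exactly the same situation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes a standard Foundry project layout (forge-std installed as a lib).
import {Test} from "forge-std/Test.sol";

// Illustration only: allowance and balance bookkeeping kept to the minimum
// needed for burnFrom; events and the rest of ERC-20 are deliberately omitted.
contract BurnFromArithmeticDemo {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() {
        balanceOf[msg.sender] = 1_000; // constructed starting balance for the deployer
    }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    // Same shape as the burnFrom in the report. The require() runs first, so the
    // subtraction can never wrap. Even without the require, >=0.8 checked
    // arithmetic reverts with Panic(0x11) on underflow, which is the guarantee
    // SafeMath.sub() gave on older compilers.
    function burnFrom(address account, uint256 amount) external {
        uint256 currentAllowance = allowance[account][msg.sender];
        require(currentAllowance >= amount, "ERC20: burn amount exceeds allowance");
        allowance[account][msg.sender] = currentAllowance - amount; // checked subtraction
        require(balanceOf[account] >= amount, "ERC20: burn amount exceeds balance");
        balanceOf[account] -= amount; // checked subtraction
    }

    // The wrap the report describes only happens when checking is opted out of
    // explicitly. Present purely to show what underflow looks like; never do
    // this on allowance or balance arithmetic.
    function uncheckedSub(uint256 a, uint256 b) external pure returns (uint256) {
        unchecked {
            return a - b; // uncheckedSub(0, 1) == type(uint256).max
        }
    }
}

contract BurnFromArithmeticDemoTest is Test {
    BurnFromArithmeticDemo token;
    address holder = address(0xA11CE);  // hypothetical token holder
    address spender = address(0xB0B);   // hypothetical approved spender

    function setUp() public {
        vm.prank(holder);
        token = new BurnFromArithmeticDemo(); // holder receives the 1_000 minted in the constructor
        vm.prank(holder);
        token.approve(spender, 100);
    }

    function testBurnWithinAllowance() public {
        vm.prank(spender);
        token.burnFrom(holder, 60);
        assertEq(token.allowance(holder, spender), 40);
        assertEq(token.balanceOf(holder), 940);
    }

    function testBurnAboveAllowanceReverts() public {
        vm.prank(spender);
        vm.expectRevert(bytes("ERC20: burn amount exceeds allowance"));
        token.burnFrom(holder, 101);
        // State is untouched: no wrap of the allowance to 2**256 - 1.
        assertEq(token.allowance(holder, spender), 100);
        assertEq(token.balanceOf(holder), 1_000);
    }

    function testOnlyUncheckedWraps() public {
        assertEq(token.uncheckedSub(0, 1), type(uint256).max);
    }
}
```

Run with `forge test -vv` from a Foundry project containing this file under `test/`. The second test is the one that answers the report: the call with amount 101 reverts at the require, so neither the checked subtraction nor a SafeMath `.sub()` ever sees an operand pair that could underflow, and the allowance stays at 100.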