
Report #23839

Report Date
September 3, 2023
Status
Closed
Payout

SafeMath is a library used to prevent integer overflow and underflow

Report Info

Report ID

#23839

Report type

Smart Contract

Has PoC?

Yes

Target

Impacts

Contract fails to deliver promised returns, but doesn't lose value

Description

The ERC20Burnable contract could potentially lead to a vulnerability. SafeMath is a library used to prevent integer overflow and underflow issues, which are common sources of vulnerabilities in Ethereum smart contracts.

In the burnFrom function, the contract subtracts amount from decreasedAllowance, and if the allowance is not sufficient (decreasedAllowance becomes negative), it will revert. This subtraction operation could potentially cause an integer underflow, leading to unexpected behavior.

To mitigate this potential vulnerability, you should include SafeMath operations when dealing with arithmetic operations involving unsigned integers. Here's how you can modify the burnFrom function to use SafeMath:

Proof of concept

// Assumes `using SafeMath for uint256;` at contract scope so that `.sub` resolves.
function burnFrom(address account, uint256 amount) public virtual {
    uint256 currentAllowance = allowance(account, _msgSender());
    // Guard runs before the subtraction, so currentAllowance - amount cannot go below zero.
    require(currentAllowance >= amount, "ERC20: burn amount exceeds allowance");

    uint256 decreasedAllowance = currentAllowance.sub(amount);
    _approve(account, _msgSender(), decreasedAllowance);
    _burn(account, amount);
}

BIC Response

This is not a valid bug report because SafeMath is already implemented in this case. This report appears to be spam.

Due to these reasons, we are closing the submission and no reward will be issued.
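The following is an added example, not part of the report or of the BIC response: a Python model of uint256 arithmetic around burnFrom that makes the point in the response concrete. It shows what an unchecked uint256 subtraction would do, what SafeMath.sub (and Solidity 0.8+ checked arithmetic) does instead, and why the require() guard in burnFrom already makes the subtraction safe regardless: once currentAllowance >= amount holds, checked and wrapping subtraction produce the same value. The BurnableToken class, its balances and allowances, and the account names are constructed for the example; there is no chain or real contract involved.

```python
# Added example (not from the report or the BIC response): a Python model of
# uint256 arithmetic around ERC20Burnable.burnFrom. Token state, account names
# and amounts below are constructed inline; nothing here talks to a chain.

UINT256_MAX = (1 << 256) - 1


class Revert(Exception):
    """Models a Solidity revert: the call aborts and no state is written."""


def raw_sub(a: int, b: int) -> int:
    """Unchecked uint256 subtraction: wraps modulo 2**256 when b > a.

    This is pre-0.8 Solidity arithmetic without SafeMath, i.e. the underflow
    the report is worried about.
    """
    return (a - b) & UINT256_MAX


def safe_sub(a: int, b: int) -> int:
    """SafeMath.sub (and Solidity >= 0.8 checked arithmetic): revert, never wrap."""
    if b > a:
        raise Revert("SafeMath: subtraction overflow")
    return a - b


class BurnableToken:
    """Minimal ERC20Burnable-like model: balances plus (owner, spender) allowances."""

    def __init__(self, balances: dict, allowances: dict):
        self.balances = dict(balances)
        self.allowances = dict(allowances)

    def allowance(self, owner: str, spender: str) -> int:
        return self.allowances.get((owner, spender), 0)

    def burn_from(self, account: str, spender: str, amount: int, checked: bool = True) -> int:
        """Mirror of burnFrom; returns the spender's new allowance.

        checked=False swaps SafeMath.sub for wrapping subtraction so the effect
        of the require() guard can be observed on its own.
        """
        current = self.allowance(account, spender)
        # Both guards run before any state write, which is what an on-chain
        # revert gives you: a failed call leaves balances and allowances untouched.
        if current < amount:
            raise Revert("ERC20: burn amount exceeds allowance")
        if self.balances.get(account, 0) < amount:
            raise Revert("ERC20: burn amount exceeds balance")
        sub = safe_sub if checked else raw_sub
        # After the guards, amount <= current and amount <= balance, so the
        # subtrahend can never exceed the minuend here.
        decreased = sub(current, amount)
        self.allowances[(account, spender)] = decreased          # _approve
        self.balances[account] = sub(self.balances[account], amount)  # _burn
        return decreased


def demo() -> dict:
    """Run the scenarios and return the observations as a dict."""
    out = {}
    # 1. The bare operation does wrap: 5 - 6 becomes 2**256 - 1.
    out["raw_wrap"] = raw_sub(5, 6) == UINT256_MAX
    # 2. SafeMath refuses the same operation.
    try:
        safe_sub(5, 6)
        out["safemath_reverts"] = False
    except Revert:
        out["safemath_reverts"] = True
    # 3. Inside burnFrom the require() guard means the subtraction never sees
    #    b > a, so checked and unchecked arithmetic give identical results.
    t_checked = BurnableToken({"alice": 100}, {("alice", "bob"): 70})
    t_raw = BurnableToken({"alice": 100}, {("alice", "bob"): 70})
    out["checked_allowance"] = t_checked.burn_from("alice", "bob", 30)
    out["raw_allowance"] = t_raw.burn_from("alice", "bob", 30, checked=False)
    # 4. An over-allowance burn reverts at the require(), before any arithmetic.
    try:
        t_raw.burn_from("alice", "bob", 41, checked=False)
        out["over_allowance_reverts"] = False
    except Revert as exc:
        out["over_allowance_reverts"] = "exceeds allowance" in str(exc)
    # The reverted call must have left state untouched.
    out["state_intact"] = (t_raw.allowance("alice", "bob") == 40
                           and t_raw.balances["alice"] == 70)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the model makes is the one in the response: the subtraction in burnFrom is guarded by require(currentAllowance >= amount) and additionally uses SafeMath's sub, so there is no path on which it underflows. The only scenario in which raw_sub wraps (step 1) is one burnFrom never reaches.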