Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible Bugs, Vulnerabilities & Potential Exploits #2

Open
nikhilsurfingaus opened this issue Apr 24, 2023 · 0 comments
Open

Possible Bugs, Vulnerabilities & Potential Exploits #2

nikhilsurfingaus opened this issue Apr 24, 2023 · 0 comments

Comments

@nikhilsurfingaus
Copy link

Compiler Issue (Risk: Medium)

Smart contract is defined using the ^ operator for compiler version.

Resolve

Best practice to use static rather than dynamic compiler version as future versions could have unintended effects

pragma solidity ^0.8.0;

Proposed Solution

pragma solidity 0.8.0;

Overflow/Underflow Issue (Risk: Low)

Loop Integer Overflow/Underflow Bug Detected

Resolve

When using uint for/while loop avoid >= or <= that could cause infinite loop. Instead use >, <, == or != loop operators. Careful when using uint within loop as could cause infinite loop check no constant true condition can evaluate.

        for (uint i = 0; i < len && i <= 2; i++) {
            addresses[i] = _stakers[i].wallet;
            amounts[i] = _stakers[i].amount;
        }
        for (uint i = startIndex; i <= endIndex && i < _stakers.length; i++) {
            totalAmount +=  _stakers[i].amount;
        }
        for (uint256 i= currentIndex ; i < _stakers.length-1 ; i++) {
            _stakers[i] = _stakers[i+1];
            _stakers[i].index_at = _stakers[i].index_at.sub(1);
            _indexStaker[_stakers[i].wallet] = _stakers[i].index_at;
        }

Overflow/Underflow Issue (Risk: Medium)

Integer Overflow/Underflow Bug Detected

Resolve

Use SafeMath library operation .mul, .sub, .add, .div to minimise vulnerbaility

        _apyStruct = GraphLinqApyStruct(50*1e18, 25*1e18, 12500000000000000000);
        GlqStaker storage staker = _stakers[index - 1];

        uint256 _numerator  = numerator * 10 ** (precision+1);
        uint256 _quotient =  ((_numerator / denominator) + 5) / 10;

Block Gas Limit Bug (Risk: Medium)

Avoid loop of unknown size that could grow and cause DoS vulnerability

Resolve

        for (uint i = startIndex; i <= endIndex && i < _stakers.length; i++) {
            totalAmount +=  _stakers[i].amount;
        }        

        for (uint256 i= currentIndex ; i < _stakers.length-1 ; i++) {
            _stakers[i] = _stakers[i+1];
            _stakers[i].index_at = _stakers[i].index_at.sub(1);
            _indexStaker[_stakers[i].wallet] = _stakers[i].index_at;
        }

Zero Address Check Bug (Risk: Low)

Check address is not zero using require, address variable and checking it is not equal to either 'address(0)', '0x0' or 'address(0x0)'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nikhilsurfingaus