Skip to content

Possible Bugs, Vulnerabilities & Potential Exploits #2

New issue
New issue
Open
Open
Possible Bugs, Vulnerabilities & Potential Exploits#2
@nikhilsurfingaus

Description

@nikhilsurfingaus
nikhilsurfingaus
opened on Apr 24, 2023

Compiler Issue (Risk: Medium)

Smart contract is defined using the ^ operator for compiler version.

Resolve

Best practice to use static rather than dynamic compiler version as future versions could have unintended effects

pragma solidity ^0.8.0;

Proposed Solution

pragma solidity 0.8.0;

Overflow/Underflow Issue (Risk: Low)

Loop Integer Overflow/Underflow Bug Detected

Resolve

When using uint for/while loop avoid >= or <= that could cause infinite loop. Instead use >, <, == or != loop operators. Careful when using uint within loop as could cause infinite loop check no constant true condition can evaluate.

        for (uint i = 0; i < len && i <= 2; i++) {
            addresses[i] = _stakers[i].wallet;
            amounts[i] = _stakers[i].amount;
        }
        for (uint i = startIndex; i <= endIndex && i < _stakers.length; i++) {
            totalAmount +=  _stakers[i].amount;
        }
        for (uint256 i= currentIndex ; i < _stakers.length-1 ; i++) {
            _stakers[i] = _stakers[i+1];
            _stakers[i].index_at = _stakers[i].index_at.sub(1);
            _indexStaker[_stakers[i].wallet] = _stakers[i].index_at;
        }

Overflow/Underflow Issue (Risk: Medium)

Integer Overflow/Underflow Bug Detected

Resolve

Use SafeMath library operation .mul, .sub, .add, .div to minimise vulnerbaility

        _apyStruct = GraphLinqApyStruct(50*1e18, 25*1e18, 12500000000000000000);
        GlqStaker storage staker = _stakers[index - 1];

        uint256 _numerator  = numerator * 10 ** (precision+1);
        uint256 _quotient =  ((_numerator / denominator) + 5) / 10;

Block Gas Limit Bug (Risk: Medium)

Avoid loop of unknown size that could grow and cause DoS vulnerability

Resolve

        for (uint i = startIndex; i <= endIndex && i < _stakers.length; i++) {
            totalAmount +=  _stakers[i].amount;
        }        

        for (uint256 i= currentIndex ; i < _stakers.length-1 ; i++) {
            _stakers[i] = _stakers[i+1];
            _stakers[i].index_at = _stakers[i].index_at.sub(1);
            _indexStaker[_stakers[i].wallet] = _stakers[i].index_at;
        }

Zero Address Check Bug (Risk: Low)

Check address is not zero using require, address variable and checking it is not equal to either 'address(0)', '0x0' or 'address(0x0)'

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions