Missing Overflow Protection On the DeployedCapital

[code423n4]

Handle

defsec

Vulnerability details

Impact

An overflow/underflow happens when an arithmetic operation reaches the maximum or minimum size of a type. For instance if a number is stored in the uint8 type, it means that the number is stored in a 8 bits unsigned number ranging from 0 to 2^8-1. In computer programming, an integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits – either larger than the maximum or lower than the minimum representable value.

On the SwingTrader.sol contract, Some of the internal variables doesn't have overflow protection although the safemath library has been used.

Proof of Concept

1. Navigate to the following contract.

  function buyMalt(uint256 maxCapital)
    external
    onlyRole(STABILIZER_NODE_ROLE, "Must have stabilizer node privs")
    returns (uint256 capitalUsed)
  {
    if (maxCapital == 0) {
      return 0;
    }

    uint256 balance = collateralToken.balanceOf(address(this));

    if (balance == 0) {
      return 0;
    }

    if (maxCapital < balance) {
      balance = maxCapital;
    }

    collateralToken.safeTransfer(address(dexHandler), balance);
    dexHandler.buyMalt();

    deployedCapital = deployedCapital + balance;

    return balance;
  }

2. DeployedCapital can be overflowed via balance add operation.

Tools Used

None

Recommended Mitigation Steps

Consider to use the following statement.

    deployedCapital = deployedCapital.add(balance);

[0xScotch]

If deployedCapital here overflows a uint256 then there are many other issues for the blockchain as the DAI supply has overflowed

[GalloDaSballo]

The sponsor acknowledges, but in their reply they show that they don't need the overflow check.
I'd recommend the sponsor to add a comment on the decision and be done with it.
Will mark as valid, but if the sponsor disputed i would have sided with them