This repository has been archived by the owner on Sep 22, 2024. It is now read-only.

ZdravkoHr. - Users able to deposit over maxAllocation because of wrong implementation of TokenSale.calculateMaxAllocation() #167

Closed
sherlock-admin2 opened this issue Mar 20, 2024 · 0 comments
Labels
Non-Reward This issue will not receive a payout

Comments

@sherlock-admin2

sherlock-admin2 commented Mar 20, 2024

ZdravkoHr.

high

Users able to deposit over maxAllocation because of wrong implementation of TokenSale.calculateMaxAllocation()

Summary

Instead of using the maxAllocation as a ceiling for deposits, it's used as a floor.

Vulnerability Detail

TokenSale.calculateMaxAllocation() will return $max(userAllocation, maxAllocation)$. This means that users can deposit over the maxAllocation limit.

Impact

Breaks a core invariant of the protocol and leads to unfair distribution.

Code Snippet

    function calculateMaxAllocation(address _sender) public returns (uint256) {
        // per-tier allocation of the caller
        uint256 userMaxAllc = _maxTierAllc(_sender);

        // returns the larger of the two values, so maxAllocation acts as a floor rather than a cap
        if (userMaxAllc > maxAllocation) {
            return userMaxAllc;
        } else {
            return maxAllocation;
        }
    }

Tool used

Manual Review

Recommendation

    function calculateMaxAllocation(address _sender) public returns (uint256) {
        uint256 userMaxAllc = _maxTierAllc(_sender);

-        if (userMaxAllc > maxAllocation) {
+       if (userMaxAllc < maxAllocation) {
            return userMaxAllc;
        } else {
            return maxAllocation;
        }
    }
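Review bot: the `+` line is indented one space less than the `-` line it replaces (7 spaces versus 8), so the new `if` will sit out of line with the `return` and `else` that follow it; match the original indentation. The comparison flip itself does make the function return the smaller of `userMaxAllc` and `maxAllocation`, which is the ceiling behaviour the Summary asks for; the two-branch form could equally be collapsed to `return userMaxAllc < maxAllocation ? userMaxAllc : maxAllocation;`.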
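To make the floor-versus-ceiling mistake concrete, here is an added Python model (not the audited TokenSale contract) of `calculateMaxAllocation()` as reported and as recommended, with an invariant check that a caller's deposit limit never exceeds the global cap or the caller's own tier allocation. The tier table and the cap value are constructed for the example.

```python
# Added example, not the TokenSale contract: Python model of the reported
# calculateMaxAllocation() and of the recommended fix, plus an invariant check.

MAX_ALLOCATION = 1_000  # constructed global cap (maxAllocation in the contract)

# Constructed tier table: address -> per-tier allocation (what _maxTierAllc returns)
TIER_ALLOCATION = {
    "0xA": 250,     # low tier, below the global cap
    "0xB": 1_000,   # exactly at the cap
    "0xC": 4_000,   # high tier, above the global cap
    "0xD": 0,       # no tier at all
}


def calculate_max_allocation_reported(sender, max_allocation=MAX_ALLOCATION):
    """Mirrors the reported code: returns the LARGER of the two values."""
    user_max_allc = TIER_ALLOCATION.get(sender, 0)
    if user_max_allc > max_allocation:
        return user_max_allc
    return max_allocation


def calculate_max_allocation_fixed(sender, max_allocation=MAX_ALLOCATION):
    """Mirrors the recommended fix: returns the SMALLER of the two values."""
    user_max_allc = TIER_ALLOCATION.get(sender, 0)
    if user_max_allc < max_allocation:
        return user_max_allc
    return max_allocation


def allocation_violations(calc, max_allocation=MAX_ALLOCATION):
    """Return {sender: limit} for every caller whose computed limit breaks
    the invariant  limit <= min(tier allocation, global cap)."""
    violations = {}
    for sender, tier_allc in TIER_ALLOCATION.items():
        limit = calc(sender, max_allocation)
        if limit > max_allocation or limit > tier_allc:
            violations[sender] = limit
    return violations


if __name__ == "__main__":
    # reported: {'0xA': 1000, '0xC': 4000, '0xD': 1000}   fixed: {}
    print("reported:", allocation_violations(calculate_max_allocation_reported))
    print("fixed:   ", allocation_violations(calculate_max_allocation_fixed))
```

With the reported logic every caller below the cap is lifted up to it and the high tier is allowed above it; with the fix no caller breaks the invariant.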
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Mar 23, 2024
@Hash01011122 Hash01011122 removed Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Mar 27, 2024
@sherlock-admin2 sherlock-admin2 changed the title Jumpy Violet Ram - Users able to deposit over maxAllocation because of wrong implementation of TokenSale.calculateMaxAllocation() ZdravkoHr. - Users able to deposit over maxAllocation because of wrong implementation of TokenSale.calculateMaxAllocation() Mar 28, 2024
@sherlock-admin2 sherlock-admin2 added the Non-Reward This issue will not receive a payout label Mar 28, 2024