This repository has been archived by the owner on Sep 22, 2024. It is now read-only.

theFirstElder - User can purchase above maximum allocation #19

Closed
sherlock-admin3 opened this issue Mar 20, 2024 · 0 comments
Labels
Non-Reward This issue will not receive a payout

Comments

sherlock-admin3 commented Mar 20, 2024

theFirstElder

medium

User can purchase above maximum allocation

Summary

Users can purchase more than the maximum allocation allowed by the contract.

Vulnerability Detail

Due to incorrect contract implementation, users can exceed the maximum allocation limit.

Impact

Allowing users to purchase beyond the maximum allocation violates the contract's maximum deposit invariant.

Code Snippet

https://github.com/sherlock-audit/2024-03-zap-protocol/blob/main/zap-contracts-labs/contracts/TokenSale.sol#L262

Tool used

Manual Review

Recommendation

// @audit incorrect calculation.... maxAll1c > max allocation should return
function calculateMaxAllocation(address _sender) public returns (uint256) {
    uint256 userMaxAllc = _maxTierAllc(_sender);

    if (userMaxAllc > maxAllocation) {
-        return userMaxAllc;
+        return maxAllocation;
    } else {
-         return maxAllocation;
+        return userMaxAllc;
    }
}
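Review bot: the `// @audit` comment at the top of the snippet is cut off ("maxAll1c > max allocation should return") and should state the invariant the swap restores, namely that `calculateMaxAllocation` returns the smaller of `userMaxAllc` and `maxAllocation`; as posted, both original branches returned the larger value, so neither cap was ever binding. Two follow-ups for the fix: the function is declared `public returns (uint256)` with no mutability, so if `_maxTierAllc` only reads state it should be `view`; and a regression test that deposits `maxAllocation + 1` for a user whose tier allocation exceeds `maxAllocation`, and `userMaxAllc + 1` for a user whose tier allocation is below it, expecting a revert in both cases, would pin the corrected behaviour down.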
github-actions bot added the labels "Medium (A valid Medium severity issue)" and "Duplicate (A valid issue that is a duplicate of an issue with `Has Duplicates` label)" on Mar 23, 2024
Hash01011122 removed the label "Medium (A valid Medium severity issue)" on Mar 27, 2024
sherlock-admin2 changed the title from "Bouncy Grape Weasel - User can purchase above maximuim allocation" to "theFirstElder - User can purchase above maximuim allocation" on Mar 28, 2024
sherlock-admin2 added the label "Non-Reward (This issue will not receive a payout)" and removed the label "Duplicate (A valid issue that is a duplicate of an issue with `Has Duplicates` label)" on Mar 28, 2024
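As an added illustration, not the Zap Protocol `TokenSale` code and not part of this report, the following self-contained Solidity contract models the allocation cap with assumed names (`CappedSale`, `tierAllocation`, `setTierAllocation`, `buy`, `AboveMaxAllocation`, the `vulnerable` toggle) and a Foundry test that exercises both behaviours: with the branches inverted, `calculateMaxAllocation` returns the larger of the two caps, so a purchase above `maxAllocation` (or above the user's own tier cap) is accepted; with the fix it returns the smaller and the purchase reverts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Added example: a minimal sale whose only job is to enforce the per-user cap.
// Names and storage layout are assumptions for the test, not the audited code.
contract CappedSale {
    uint256 public immutable maxAllocation;            // global per-user cap
    bool public immutable vulnerable;                  // true = reported branch order
    mapping(address => uint256) public tierAllocation; // per-user tier cap (assumed)
    mapping(address => uint256) public deposits;

    error AboveMaxAllocation(uint256 requested, uint256 allowed);

    constructor(uint256 _maxAllocation, bool _vulnerable) {
        maxAllocation = _maxAllocation;
        vulnerable = _vulnerable;
    }

    // No access control here purely to keep the test short.
    function setTierAllocation(address user, uint256 amount) external {
        tierAllocation[user] = amount;
    }

    function _maxTierAllc(address _sender) internal view returns (uint256) {
        return tierAllocation[_sender];
    }

    // Reported behaviour: each branch returns the larger of the two caps.
    // Fixed behaviour: return the smaller, so neither cap can be exceeded.
    function calculateMaxAllocation(address _sender) public view returns (uint256) {
        uint256 userMaxAllc = _maxTierAllc(_sender);
        if (vulnerable) {
            return userMaxAllc > maxAllocation ? userMaxAllc : maxAllocation;
        }
        return userMaxAllc > maxAllocation ? maxAllocation : userMaxAllc;
    }

    // The invariant the report is about: cumulative deposits never exceed the cap.
    function buy(uint256 amount) external {
        uint256 allowed = calculateMaxAllocation(msg.sender);
        uint256 total = deposits[msg.sender] + amount;
        if (total > allowed) revert AboveMaxAllocation(total, allowed);
        deposits[msg.sender] = total;
    }
}

contract CappedSaleTest is Test {
    uint256 constant GLOBAL_CAP = 1_000e18; // constructed figure

    function test_fixedVersionEnforcesTheSmallerCap() public {
        CappedSale sale = new CappedSale(GLOBAL_CAP, false);
        sale.setTierAllocation(address(this), 5_000e18); // tier cap above the global cap
        assertEq(sale.calculateMaxAllocation(address(this)), GLOBAL_CAP);

        sale.buy(GLOBAL_CAP); // exactly the cap is fine
        vm.expectRevert(
            abi.encodeWithSelector(CappedSale.AboveMaxAllocation.selector, GLOBAL_CAP + 1, GLOBAL_CAP)
        );
        sale.buy(1); // one wei over the cap reverts
    }

    function test_reportedVersionAcceptsDepositsAboveEitherCap() public {
        // Tier cap above the global cap: the global cap is ignored.
        CappedSale sale = new CappedSale(GLOBAL_CAP, true);
        sale.setTierAllocation(address(this), 5_000e18);
        sale.buy(5_000e18); // five times the global cap, accepted
        assertEq(sale.deposits(address(this)), 5_000e18);

        // Tier cap below the global cap: the tier cap is ignored instead.
        CappedSale lowTier = new CappedSale(GLOBAL_CAP, true);
        lowTier.setTierAllocation(address(this), 100e18);
        lowTier.buy(GLOBAL_CAP); // ten times the user's tier cap, accepted
        assertEq(lowTier.deposits(address(this)), GLOBAL_CAP);
    }
}
```

Run with `forge test` in a Foundry project that has `forge-std` installed. The second test is the useful one for an auditor: it shows that the inverted branches break the invariant in both directions, not only when the tier cap is larger than `maxAllocation`, which is why a fix should be checked against both orderings rather than a single case.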