Integer overflow vulnerability in MakeMint

Description

The deposit method of the Purse (from the MakeMint contract) is does not check whether an integer overflow error returns from it's NonNegativeInteger when it adds the amount from the other purse to it's own purse. Therefore, it can happen that an amount of tokens get's decremented from another purse, but will not get added to the own purse.

Included are two files: one file where I wrote down unit tests where the bug is visible, the other file shows a proposed solution.

Reporter: Rinke Hendriksen
E-mail: rinkehendriksen@gmail.com

Environment

None

Assignee

Isaac DeFrain

Reporter

Rinke Hendriksen

Priority

Highest

Affects versions

None

Components

Sprint

None

Labels

Fix versions

Configure