We're updating the issue view to help you get more done. 

Integer overflow vulnerability in MakeMint

Description

The deposit method of the Purse (from the MakeMint contract) is does not check whether an integer overflow error returns from it's NonNegativeInteger when it adds the amount from the other purse to it's own purse. Therefore, it can happen that an amount of tokens get's decremented from another purse, but will not get added to the own purse.

Included are two files: one file where I wrote down unit tests where the bug is visible, the other file shows a proposed solution.

Reporter: Rinke Hendriksen
E-mail: rinkehendriksen@gmail.com

Environment

Status

Assignee

Ovidiu Deac

Reporter

Rinke Hendriksen

Priority

Highest

Affects versions

None

Components

Sprint

None

Labels