Uploaded image for project: 'RChain'
  1. RCHAIN-1117

Integer overflow vulnerability in MakeMint

    Details

    • Type: Bug
    • Status: To Do
    • Priority: Highest
    • Resolution: Unresolved
    • Affects versions: None
    • Fix versions: None
    • Components: Rholang

      Description

      The deposit method of the Purse (from the MakeMint contract) is does not check whether an integer overflow error returns from it's NonNegativeInteger when it adds the amount from the other purse to it's own purse. Therefore, it can happen that an amount of tokens get's decremented from another purse, but will not get added to the own purse.

      Included are two files: one file where I wrote down unit tests where the bug is visible, the other file shows a proposed solution.

      Reporter: Rinke Hendriksen
      E-mail: rinkehendriksen@gmail.com

        Attachments

          Issue links

            Activity

              People

              • Assignee:
                ovidiu Ovidiu Deac
                Reporter:
                rinkehendriksen Rinke Hendriksen
              • Votes:
                1 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: