Category: Coding Mistakes
The locked amount is truncated to int128
in the _depositFor
function
High Severity
Medium Impact
Low Likelihood
Description
The _depositFor
function handles creating a new lock, extending the period of the lock and depositing to the lock.
function _depositFor(
uint256 _lockerId,
uint256 _value,
uint256 unlockTime,
LockedBalance memory lockedBalance,
DepositType _depositType
) internal {
// ...
if (_value != 0) {
_locked.amount += int128(int256(_value));
supply = supplyBefore + _value;
}
// ...
address from = msg.sender;
if (_value != 0) {
require(
IERC20(token).transferFrom(from, address(this), _value),
"fail to .transferFrom when ._depositFor"
);
}
// ...
}
If the _value
is nonzero, the locked amount of the lock increases and the token is transferred from the msg.sender
. However, the _value
is truncated to the int128
type when the locked amount increases.
Impact
If a user tries to deposit the amount more than , this function will lock up the tokens from the user or revert.
Recommendations
Consider confirming that the given amount does not overflow in the _depositFor
function.
Remediation
This issue has been acknowledged by Familia Labs Ltd., and a fix was implemented in commit f91f7386↗.