Potential integer underflow in calculateAllocation
Description
The addToWhitelist function allows the owner to update the allocation amount at any time during the whitelistAddEnd period. The totalAllocation variable is calculated as follows:
uint256 totalAllocation = currentMonth * allocations[_account].monthlyAllocation + allocations[_account].initialAllocation;If the value of totalAllocation is less than the totalSpent[_account] total amount (i.e., the amount of token that has been transferred out, other than that transferred to the veTokenMigrator address), the following calculation will underflow, causing a reversion:
return totalAllocation - totalSpent[_account];This may happen if the owner calls addToWhitelist and decreases the initialAllocation or monthlyAllocation amounts.
Impact
The calculateAllocation function provides less configurability than likely intended as the owner cannot always decrease the allocation configuration.
Regardless, we recommend preventing underflows to improve correctness (enabling formal verification in the future) and make errors more easily debuggable.
Recommendations
Use the maximum value between 0 and totalAllocation - totalSpent[_account]:
function calculateAllocation(address _account) public view returns (uint256) {
uint256 currentMonth = calculateCurrentMonth();
if(currentMonth < 12){
return 0; //12 month cliff
}
uint256 totalAllocation = currentMonth * allocations[_account].monthlyAllocation + allocations[_account].initialAllocation;
+ if (totalAllocation < totalSpent[_account]) return 0;
return totalAllocation - totalSpent[_account];
}Remediation
This issue has been acknowledged by Spectral Finance, and a fix was implemented in commit d39c89a3↗.