Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Swisstronik>Low findings>Potential overflow in ,fee_checker
GeneralOverview
Findings
High (1)
Medium (3)
Low (4)Unbounded originalData can be providedThe EvmDenom can be updated by the EVM module's MsgUpdateParamsPotential division by zero in fee_checkerPotential overflow in fee_checker
Informational (1)
DiscussionInstallation stepsThe go-ethereum precompile tests
Audit ResultsAssessment Results
Category: Coding Mistakes

Potential overflow in fee_checker

Low Severity
Low Impact
Low Likelihood

Description

The ValidateBasic function currently lacks an upper bound for gas, allowing values that could exceed math.MaxInt64:

// ValidateBasic does a sanity check of the provided data
func (m *MsgUpdateParams) ValidateBasic() error {
	if _, err := sdk.AccAddressFromBech32(m.Authority); err != nil {
		return errortypes.Wrap(err, "invalid authority address")
	}

	return m.Params.Validate()
}

Impact

Extremely large gas values may lead to unexpected behaviors or overflows in later calculations.

Recommendations

Add a check to ensure the gas cannot exceed math.MaxInt64 in the validation logic.

Remediation

This issue has been acknowledged by Sigma Assets GmbH, and a fix was implemented in commit e727fd5e.

Zellic © 2025Back to top ↑