-
Notifications
You must be signed in to change notification settings - Fork 3
CVE False Reported Case
According to the reference, integer overflow is found in the transfer function and the transferFrom function. But, since the sum of the balances is always less than totalSupply which implies that the operation cannot be exploited. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1 because _value <= balances[msg.sender]
Similar to the CVE-2018-13113, the reference describes that the transfer function and the transferFrom function. However, the sum of the balances is always less than totalSupply, so the operation is safe. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1 because _value <= balances[msg.sender]
Same as CVE-2018-13113, the reference describes that the transfer function and the transferFrom function. However, the sum of the balances is always less than totalSupply, so the operation is safe. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1 because _value <= balances[msg.sender]
Same as CVE-2018-13113, the reference describes that the transfer function and the transferFrom function. However, the sum of the balances is always less than totalSupply, so the operation is safe. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1 because _value <= balances[msg.sender]