DEV Community 👩‍💻👨‍💻

joffreyred88
joffreyred88

Posted on

Solidity Contract Audit

Hello I have a solidity code to audit like this

pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

// Allow to split the balance through complex rules

interface Split{

function getAddressAndAmountToSplit() view external returns(address, uint);

}

// MyBank contract

// This contract allows anyone to store any ERC20 tokens

contract MyBank {

// (token => user => amount)

mapping (address => mapping(address => uint)) public userBalance;

// (address => Split contract)

mapping (address => Split) splits;

// Deposit ERC20 tokens to the contracts

// The user must approve the bank before calling addToBalance

function addToBalance(IERC20 token, uint amount) external

{

token.transferFrom(msg.sender, address(this), amount);

userBalance[address(token)][msg.sender] += amount;

}

// Withdraw part of the balance

function withdrawBalance(IERC20 token) external

{

token.transfer(msg.sender, userBalance[address(token)][msg.sender]);

userBalance[address(token)][msg.sender] = 0;

}

// Allow to register a split contract

function registerSplit(Split split) external{

splits[msg.sender] = split;

}

// Split the balance into two accounts

// The usage of a Split contract allows to create complex split strategies

function splitBalance(IERC20 token) external

{

Split split = splits[msg.sender];

require(split != Split(address(0x0)));

uint balance = userBalance[address(token)][msg.sender];

(address dest, uint amount) = Split(split).getAddressAndAmountToSplit();

userBalance[address(token)][dest] = amount;

userBalance[address(token)][msg.sender] = balance - amount;

}
}
Enter fullscreen mode Exit fullscreen mode

What I found.

  1. function withdrawBalance(IERC20 token) external possible reentrancy attack, because we check balance in the end
  2. function splitBalance(IERC20 token) external - vulnerable business logic, because if amount is greater than balance we get negative value and possible integer overflow

If you have any idea of possible vulnerabilities of code above, please feel free to provide any further assistance

Top comments (0)

Make Your Github Profile Stand Out

Github is great, but have you considered how to make yours more attractive for potential employers or other visitors? Even non-tech ones like recruiters!

Take a couple of hours and show your best side as a person - and a programmer.