# Report by mameta

## Summary: [M-01] Overflow vulnerability when users add liquidity.

### Vulnerability Detail

When users add liquidity there is an overflow vulnerability.

1. Users call the `add` function.
2. The `_transferFrom` method, called in the `add` function, adjusts the amounts of `msg.sender` and this contract.
3. The `_transferFrom` method uses unchecked assembly to increment the amount of this contract.
4. `unchecked` does not check whether an overflow occurs.

### Impact

If an overflow occurs, the amount will be totally different from the expected value and the contract no longer works as a service.

### Code Snippet

```solidity
// line 84
function _transferFrom(address from, address to, uint256 amount) internal returns (bool) {
    balanceOf[from] -= amount;

    // Cannot overflow because the sum of all user
    // balances can't exceed the max uint256 value.
    unchecked {
        balanceOf[to] += amount;
    }

    emit Transfer(from, to, amount);

    return true;
}
```

### Tool used

none

### Recommendation

Remove `unchecked` to avoid the overflow vulnerability.

before

```solidity
function _transferFrom(address from, address to, uint256 amount) internal returns (bool) {
    balanceOf[from] -= amount;

    // Cannot overflow because the sum of all user
    // balances can't exceed the max uint256 value.
    unchecked {
        balanceOf[to] += amount;
    }

    emit Transfer(from, to, amount);

    return true;
}
```

after

```solidity
function _transferFrom(address from, address to, uint256 amount) internal returns (bool) {
    balanceOf[from] -= amount;

    // removed "unchecked" to avoid vulnerability overflow
    balanceOf[to] += amount;

    emit Transfer(from, to, amount);

    return true;
}
```

## Summary: [M-02] Type Error.

### Vulnerability Detail

The type differs between what is declared and what is tried.

### Impact

This type error invalidates the check that the tokens exist in the merkle root.

### Code Snippet

```solidity
// line 466
/// @dev Validates that the given tokenIds are valid for the contract's merkle root. Reverts
/// if any of the tokenId proofs are invalid.
function _validateTokenIds(uint256[] calldata tokenIds, bytes32[][] calldata proofs) internal view {
    // if merkle root is not set then all tokens are valid
    if (merkleRoot == bytes23(0)) return;

    // validate merkle proofs against merkle root
    for (uint256 i = 0; i < tokenIds.length; i++) {
        bool isValid = MerkleProofLib.verify(proofs[i], merkleRoot, keccak256(abi.encodePacked(tokenIds[i])));
        require(isValid, "Invalid merkle proof");
    }
}
```

### Tool used

none

### Recommendation

Remove `unchecked` to avoid the overflow vulnerability.

before

```solidity
if (merkleRoot == bytes23(0)) return;
```

after

```solidity
if (merkleRoot == bytes32(0)) return;
```
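
The following Python model is an added example, not part of the report or the audited contract. It reproduces the checked debit and the unchecked versus checked credit from [M-01] under Solidity 0.8 `uint256` semantics. The account names, balances and the helper names (`transfer_from`, `Revert`, `demo`) are constructed for illustration.

```python
# Added model of the _transferFrom arithmetic; not the audited contract's code.
UINT256_MAX = 2**256 - 1


class Revert(Exception):
    """Stands in for Solidity's arithmetic revert (Panic 0x11)."""


def checked_sub(a, b):
    if b > a:
        raise Revert("underflow")
    return a - b


def checked_add(a, b):
    if a + b > UINT256_MAX:
        raise Revert("overflow")
    return a + b


def unchecked_add(a, b):
    return (a + b) & UINT256_MAX  # wraps modulo 2**256, no revert


def transfer_from(balance_of, src, dst, amount, use_unchecked):
    """Checked debit, then unchecked or checked credit; returns the new state."""
    state = dict(balance_of)  # copy: a revert must discard every write
    state[src] = checked_sub(state.get(src, 0), amount)
    add = unchecked_add if use_unchecked else checked_add
    state[dst] = add(state.get(dst, 0), amount)
    return state


def demo():
    # Constructed state 1: sum of balances fits in uint256 (the comment's invariant).
    sound = {"alice": UINT256_MAX - 5, "pair": 5}
    a = transfer_from(sound, "alice", "pair", UINT256_MAX - 5, use_unchecked=True)
    b = transfer_from(sound, "alice", "pair", UINT256_MAX - 5, use_unchecked=False)

    # Constructed state 2: the invariant is already violated by the starting balances.
    broken = {"alice": 10, "pair": UINT256_MAX}
    wrapped = transfer_from(broken, "alice", "pair", 10, use_unchecked=True)
    try:
        transfer_from(broken, "alice", "pair", 10, use_unchecked=False)
        checked_reverted = False
    except Revert:
        checked_reverted = True
    return a, b, wrapped, checked_reverted
```

The two variants only diverge in the second state: the unchecked credit wraps silently, while the checked credit reverts and leaves the balances untouched.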