status-network-token
Potential overflow for function `updateValueAtNow`
trafficstars
Hi,
I'm running a tool that detects vulnerable contracts. While analyzing MiniMeToken, we found that the function updateValueAtNow takes a uint256 and then casts it to a uint128. Some overflow attacks can be performed because of this:

In the function generateTokens, if curTotalSupply + _amount is larger than 2**128 but smaller than 2**256, the overflow check in line 422 is bypassed. However, the _value passed to updateValueAtNow is larger than 2**128, so it wraps around and starts from 0.

A potential fix is to add a check before the value is stored (lines 500 and 503):

```solidity
require(_value < 2**128);
```
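The truncation described in this report, modelled in Python as an added example (not the contract's own code): uint256 arithmetic wraps modulo 2**256, `uint128(x)` keeps the low 128 bits, and the existing overflow check is assumed to be the usual `require(curTotalSupply + _amount >= curTotalSupply)` form. The proposed `require(_value < 2**128)` is shown beside the unguarded write.

```python
# Python model of the MiniMeToken checkpoint write described in the issue
# (assumed simplification, not the contract's own code): Solidity 0.4 uint256
# arithmetic wraps modulo 2**256, and uint128(x) keeps only the low 128 bits.
MASK128 = (1 << 128) - 1
MASK256 = (1 << 256) - 1

def update_value_at_now_vulnerable(checkpoints, block_number, value):
    """Mirrors storing uint128(_value): the high 128 bits are silently dropped."""
    checkpoints.append((block_number, value & MASK128))

def update_value_at_now_fixed(checkpoints, block_number, value):
    """Same write, guarded by the proposed require(_value < 2**128)."""
    if value >= (1 << 128):
        raise ValueError("_value does not fit in uint128")
    checkpoints.append((block_number, value))

def generate_tokens(total_supply_history, block_number, amount, update):
    """Models generateTokens: the existing check only detects uint256 wrap
    (assumed form: require(curTotalSupply + _amount >= curTotalSupply))."""
    cur_total = total_supply_history[-1][1] if total_supply_history else 0
    new_total = (cur_total + amount) & MASK256
    if new_total < cur_total:
        raise ValueError("uint256 overflow")
    update(total_supply_history, block_number, new_total)
    return total_supply_history[-1][1]

def demo(amount):
    """Returns (value stored via the cast, value stored or error via the check).
    Constructed sample: total supply 1000 at block 1, then mint `amount` at block 2."""
    hist_vuln, hist_fixed = [(1, 1000)], [(1, 1000)]
    vuln = generate_tokens(hist_vuln, 2, amount, update_value_at_now_vulnerable)
    try:
        fixed = generate_tokens(hist_fixed, 2, amount, update_value_at_now_fixed)
    except ValueError as e:
        fixed = str(e)
    return vuln, fixed
```

With `amount = 2**128` the uint256 check passes, the cast stores 1000 again (the mint is lost), and the guarded write rejects the value.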
@Leeleo3x: except this doesn't apply, because the values being used are derived from actual Ether.