soroban-examples icon indicating copy to clipboard operation
soroban-examples copied to clipboard

Published 20 hours ago verified publisher icon stellar

Audit use of negative amounts

Open sisuresh opened this issue 1 year ago • 0 comments

Some contracts like timelock and the fuzzing example validate for negative values, and instead rely on the token implementation to fail. The problem is that the token interface accepts negative values, so some implementations can choose to implement custom logic to work with negative values. We should make sure none of our examples have a vulnerability due to this.

sisuresh avatar Jul 05 '23 19:07 sisuresh