Platform: Code4rena
Start Date: 03/05/2022
Pot Size: $75,000 USDC
Total HM: 6
Participants: 55
Period: 7 days
Judge: Albert Chon
Total Solo HM: 2
Id: 116
League: COSMOS
Rank: 20/55
Findings: 2
Award: $616.75
🌟 Selected for report: 0
🚀 Solo Findings: 0
https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L276
_newValset parameter in updateValset can have validators that don't have enough power combined for passing the threshold.
check that the validators power combined is bigger than the threshold
#0 - V-Staykov
2022-05-11T11:05:07Z
Duplicate of #123
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0xDjango, 0xkatana, AmitN, CertoraInc, Dravee, Funen, GermanKuber, GimelSec, Hawkeye, JC, MaratCerby, WatchPug, Waze, broccolirob, cccz, ch13fd357r0y3r, cryptphi, danb, defsec, delfin454000, dipp, dirk_y, ellahi, gzeon, hake, hubble, ilan, jah, jayjonah8, kebabsec, kirk-baird, m9800, orion, oyc_109, robee, shenwilly, simon135, sorrynotsorry
114.279 USDC - $114.28
https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L661
use safe math or change solidity version to 8
#0 - V-Staykov
2022-05-11T07:30:45Z
Duplicate of #39
#1 - albertchon
2022-05-18T22:13:29Z
As per the comment on #39
because the cumulative power of all the validators is calculated proportionally and made sure on the cosmos module side that it will never overflow
Hence this is not a risk.
#2 - JeeberC4
2022-05-19T18:28:08Z
Creating this as warden's QA Report as judge downgraded issue. Preserving original title: addition can overflow in the constructor