Sarang Parikh (Guild)
Developer | Researcher | Future is NEAR 🔥
Asked a question last year

I was looking at the NEAR Fungible Token Contract for the NEAR Community Token Bounty and observed that in the transfer() function we haven't checked for an integer overflow. I just verified with a <u8> that it is possible to overflow. This is particularly dangerous because there might be a case where someone (or a group of people) can typically round the balance of another user to 0. Do you guys think it is a good idea to just add an assert statement that verifies that the balance will not overflow? However, I understand overflow might not be very feasible in most conditions, but it's theoretically possible, and with an assert it's just an easy fix. What do you guys think? PS: I have already opened a PR at https://github.com/near-examples/token-contract-as/pull/54
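
The overflow described in the question, as an added example that is not part of the original post and not code from token-contract-as. It is written in TypeScript (close to the contract's AssemblyScript) and models a u8 balance with `& 0xff`; the ledger, account names and function names are hypothetical.

```typescript
// Added illustration; not code from near-examples/token-contract-as.
// Balances are modelled as u8 (0..255), the width used for the test in the post.
const U8_MAX = 255;
type Ledger = Map<string, number>;

function balanceOf(ledger: Ledger, owner: string): number {
  return ledger.get(owner) ?? 0;
}

// Amounts must be valid u8 values, as a typed contract argument would be.
function requireU8(amount: number): void {
  if (!Number.isInteger(amount) || amount < 0 || amount > U8_MAX) {
    throw new Error("amount is not a u8");
  }
}

// Transfer that checks only the sender's balance, not the receiver's headroom.
function transferUnchecked(ledger: Ledger, from: string, to: string, amount: number): void {
  requireU8(amount);
  const fromBal = balanceOf(ledger, from);
  if (fromBal < amount) throw new Error("not enough tokens on account");
  ledger.set(from, fromBal - amount);
  // Fixed-width unsigned addition wraps modulo 256.
  ledger.set(to, (balanceOf(ledger, to) + amount) & 0xff);
}

// Same transfer with the assert proposed in the post; it rejects before any state change.
function transferChecked(ledger: Ledger, from: string, to: string, amount: number): void {
  requireU8(amount);
  const fromBal = balanceOf(ledger, from);
  if (fromBal < amount) throw new Error("not enough tokens on account");
  if (from === to) return; // self-transfer leaves the balance unchanged
  const toBal = balanceOf(ledger, to);
  if (amount > U8_MAX - toBal) throw new Error("receiver balance would overflow");
  ledger.set(from, fromBal - amount);
  ledger.set(to, toBal + amount);
}

// Constructed sample state: bob is 6 tokens away from wrapping.
function sampleLedger(): Ledger {
  return new Map([["alice", 10], ["bob", 250]]);
}

// Runs the same 6-token transfer through both versions and reports bob's balance.
function demo(): { uncheckedBob: number; checkedBob: number; rejected: boolean } {
  const a = sampleLedger();
  transferUnchecked(a, "alice", "bob", 6);
  const b = sampleLedger();
  let rejected = false;
  try { transferChecked(b, "alice", "bob", 6); } catch { rejected = true; }
  return { uncheckedBob: balanceOf(a, "bob"), checkedBob: balanceOf(b, "bob"), rejected };
}
```

The subtraction form `amount > U8_MAX - toBal` is used because the check itself must not overflow in a fixed-width type.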
