F-2024-0002·integer-overflow

Inconsistent amount type in withdraw function

Fixed · bridge · near · rainbow-bridge · github.com/Near-One/rainbow-token-connector
TL;DR

withdraw declares amount as uint256 but the value is handled as uint128 on the NEAR side, creating an integer-overflow risk if the supplied amount exceeds type(uint128).max.

Severity: LOW
Impact: LOW
Likelihood: LOW
Method: Manual review
Category: integer-overflow
Complexity: LOW
Exploitability: LOW
Description

In the provided code snippet, the withdraw function of the Solidity contract takes an amount parameter of type uint256. However, on the NEAR side the same amount is handled as U128 (a 128-bit value), so the two ends of the bridge disagree on the width of the amount.

Solidity Part:

```solidity
function withdraw(
    string memory token,
    uint256 amount,
    string memory recipient
) external whenNotPaused(PAUSED_WITHDRAW) {
    _checkWhitelistedToken(token, msg.sender);
    require(_isBridgeToken[_nearToEthToken[token]], "ERR_NOT_BRIDGE_TOKEN");
    address tokenEthAddress = _nearToEthToken[token];
    BridgeToken(tokenEthAddress).burn(msg.sender, amount);
    emit Withdraw(token, msg.sender, amount, recipient, tokenEthAddress);
}
```

Near Side (Rust):

```rust
#[near_bindgen]
impl FungibleTokenReceiver for Contract {
    /// Callback on receiving tokens by this contract.
    /// msg: `Ethereum` address to receive the tokens on.
    #[pause(except(roles(Role::DAO, Role::UnrestrictedDeposit)))]
    fn ft_on_transfer(
        &mut self,
        sender_id: AccountId,
        amount: U128,
        msg: String,
    ) -> PromiseOrValue<U128> {
        self.check_whitelist_token(env::predecessor_account_id(), sender_id);
        let eth_address = validate_eth_address(msg);
        ext_self::ext(env::current_account_id())
            .with_static_gas(FT_FINISH_DEPOSIT_GAS)
            .finish_deposit(env::predecessor_account_id(), amount.0, eth_address);
        PromiseOrValue::Value(U128(0))
    }
}
```
Impact

If the amount is intended to be uint128 but is declared as uint256, there is a risk of integer overflow: a withdraw amount larger than type(uint128).max cannot be represented on the uint128 side, so the value that reaches the NEAR side will not match the value that was burned on Ethereum.
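To make the failure mode concrete, the following added example (not code from the rainbow-token-connector project) models how a uint256 amount read from an Ethereum Withdraw event log is narrowed to the u128 the NEAR side works with. The 32-byte big-endian ABI word layout is standard; the function names, the error string and the sample amounts are assumptions made for this illustration. The naive path keeps only the low 128 bits and silently loses the rest; the checked path rejects any value whose high 128 bits are non-zero, which is the defensive check the receiving side needs as long as the Solidity signature stays at uint256.

```rust
// Added example (not project code). Models narrowing an Ethereum uint256 event
// word to u128. Names, error string and sample values are assumptions.

/// A 256-bit ABI word as it appears in an Ethereum event log (big-endian).
pub type Word = [u8; 32];

/// Build an ABI word holding `v` in its low 128 bits (helper for the samples).
pub fn word_from_u128(v: u128) -> Word {
    let mut w = [0u8; 32];
    w[16..].copy_from_slice(&v.to_be_bytes());
    w
}

/// Naive narrowing: keep only the low 16 bytes. This is the behaviour the
/// finding warns about: any amount above u128::MAX silently loses its high bits,
/// so a huge burn on Ethereum can arrive on NEAR as a small (even zero) amount.
pub fn truncating_u128(w: &Word) -> u128 {
    let mut lo = [0u8; 16];
    lo.copy_from_slice(&w[16..]);
    u128::from_be_bytes(lo)
}

/// Checked narrowing: refuse any word whose high 128 bits are non-zero, so the
/// value that reaches u128 arithmetic is exactly the value that was burned.
pub fn checked_u128(w: &Word) -> Result<u128, &'static str> {
    if w[..16].iter().any(|&b| b != 0) {
        return Err("ERR_AMOUNT_EXCEEDS_U128");
    }
    Ok(truncating_u128(w))
}

fn main() {
    // Constructed sample: exactly 2^128, i.e. u128::MAX + 1 (bit 128 set).
    let mut over = [0u8; 32];
    over[15] = 1;
    println!("truncating: {}", truncating_u128(&over)); // 0
    println!("checked:    {:?}", checked_u128(&over));  // Err("ERR_AMOUNT_EXCEEDS_U128")

    // Constructed sample: an amount that fits, accepted unchanged.
    let ok = word_from_u128(1_000_000);
    println!("checked:    {:?}", checked_u128(&ok));    // Ok(1000000)
}
```

The same property holds from the other direction: once withdraw takes uint128, the EVM itself guarantees the emitted amount fits, and the high 16 bytes of the event word are always zero, so the checked conversion becomes a no-op rather than a live guard.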

Recommendation

Modify the function signature to:

```solidity
function withdraw(string memory token, uint128 amount, string memory recipient)
    external
    whenNotPaused(PAUSED_WITHDRAW);
```
Resolution

Resolved.

© 2026 Zealynx