Incorrect Calculation
| Property | |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-682: Incorrect Calculation |
| OWASP | A7:2021 Identification and Authentication Failures |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | High |
Description
The code updates balances for both the sender (‘from’) and the recipient (‘to’) without checking whether they are the same address. This can allow users to manipulate their own balance during self-transfers, leading to incorrect accounting.
Impact
If exploited, an attacker could repeatedly transfer tokens to themselves to inflate their balance or bypass restrictions, resulting in financial loss, broken token invariants, and potential compromise of the entire smart contract or token ecosystem.