CVE-2020-24837
HIGH
zcfees - Integer Underflow via Timestamp Manipulation
Title source: llm
Description
An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the subtraction may be negative, which leads to an underflow. An attacker can somehow modify the current timestamp of the transaction and block execution of the process function.
References (1)
Core References
Patch, Third Party Advisory x_refsource_misc
https://etherscan.io/address/0x9d79c6e2a0222b9ac7bfabc447209c58fe9e0dcc#code
Scores
CVSS v3
7.5
EPSS
0.0157
EPSS Percentile
72.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-191
Status
published
Products (1)
zcfees_project/zcfees
Published
Feb 10, 2021
Tracked Since
Feb 18, 2026