Integer overflow in ColonyNetworkMining

[Destiner]

Summary

Possible integer overflow at ColonyNetworkMining.rewardStakers(). This is suspicious, because we have assert one line above that aims to eradicate int overflow. Therefore the problem here is that we can pass this assert, but still overflow when minting new tokens.

Steps to Reproduce (for bugs)

Call rewardStakers with big number of stakers.

Expected Behavior

Reward stakers should revert on overflow.

Current Behaviour

Amount of minted tokens will overflow.

Possible Solution

More strict assert: assert(stakers.length * reward < uint256(int256(-1)));

[area]

There are a lot of TODOs floating around this function, and you are certainly correct that the assert there is inadequate for what the comments describe it as doing. That said, I don't believe an overflow is possible. rewardStakers is limited to a length of 12 (by this, and reward is hardcoded at 10**18, and so the maximum value will not overflow.

I am closing this issue, but if I have overlooked something please feel free to reopen it.

This function is being reworked as part of #399