PT-2021-11073 · Zcfees · Zcfees

Published: 2021-02-10 · Updated: 2021-02-17 · CVE-2020-24837

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: ZCFees version latest
Description: An integer underflow has been identified involving the variables currPeriodIdx and lastPeriodExecIdx, both of which are unsigned integers. Subtracting one from the other may yield a mathematically negative result, which an unsigned type cannot represent, so the operation underflows. Attackers can potentially modify the current transaction timestamp, thereby blocking the execution of the process function.
Recommendations: For ZCFees version latest, consider restricting access to the process function until a patch is available to prevent exploitation of the integer underflow issue. As a temporary workaround, avoid using the variables currPeriodIdx and lastPeriodExecIdx in transactions that could lead to underflow conditions.
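
The wraparound described above, modeled in C with 64-bit unsigned arithmetic as an added example (not ZCFees code): the unchecked subtraction beside a guarded form that rejects the input instead of wrapping. `START_TIME`, `PERIOD_SECONDS`, the derivation of the index from a timestamp, and all function names are assumptions; only `currPeriodIdx` and `lastPeriodExecIdx` come from the advisory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values: the advisory does not describe the period layout. */
#define START_TIME     1600000000ULL  /* hypothetical first period start */
#define PERIOD_SECONDS 86400ULL       /* hypothetical period length */

/* Unchecked form: when currPeriodIdx < lastPeriodExecIdx the unsigned
 * subtraction wraps modulo 2^64 and yields a huge period count. */
uint64_t periods_due_unchecked(uint64_t currPeriodIdx, uint64_t lastPeriodExecIdx) {
    return currPeriodIdx - lastPeriodExecIdx;
}

/* Checked form: compare first, report failure instead of wrapping. */
bool periods_due_checked(uint64_t currPeriodIdx, uint64_t lastPeriodExecIdx,
                         uint64_t *due) {
    if (currPeriodIdx < lastPeriodExecIdx)
        return false;
    *due = currPeriodIdx - lastPeriodExecIdx;
    return true;
}

/* Assumed derivation of the index from a timestamp; the same guard
 * applies to the timestamp - START_TIME subtraction. */
bool period_index(uint64_t timestamp, uint64_t *idx) {
    if (timestamp < START_TIME)
        return false;
    *idx = (timestamp - START_TIME) / PERIOD_SECONDS;
    return true;
}

/* Guarded model of process(): periods to settle, or -1 if rejected. */
int64_t process_guarded(uint64_t timestamp, uint64_t lastPeriodExecIdx) {
    uint64_t curr, due;
    if (!period_index(timestamp, &curr) ||
        !periods_due_checked(curr, lastPeriodExecIdx, &due))
        return -1;
    return (int64_t)due;
}

int main(void) {
    /* Constructed input: timestamp falls in period 7, last executed is 10. */
    uint64_t ts = START_TIME + 7 * PERIOD_SECONDS, last = 10;
    printf("unchecked: %llu\n", (unsigned long long)periods_due_unchecked(7, last));
    printf("guarded:   %lld\n", (long long)process_guarded(ts, last));
    return 0;
}
```
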

Fix

Integer Underflow


Weakness Enumeration

Related Identifiers

CVE-2020-24837

Affected Products

Zcfees