Closed tomwade closed 12 months ago
Our StrategyFactory validates the percentage before it goes to our strategy contracts, so this parameter should already be checked.
// Ensure our percentage is valid (less than 100% to 2 decimal places)
require(_percentage > 0, 'Invalid percentage');
require(_percentage <= 100_00, 'Invalid percentage');
UVS-02M: Potentially Unsafe Cast
Description:
The referenced uint128 casting operation is performed without any upper-bound limitations. Coupled with the fact that the percentage is not sanitized, it is possible to set an abnormally high percentage that would cause a casting overflow to occur and the UniswapV3Strategy::withdrawPercentage function to actually succeed when it should have failed.
Impact:
While the overflow operation would cause the withdrawal to succeed with an abnormally high percentage, the exhibit's impact depends on how the UniswapV3Strategy::withdrawPercentage function is utilized.
Example:
Recommendation:
We advise the code to either sanitize the percentage argument to be at most 100_00 or to perform the uint128 type cast safely, either of which we consider an adequate resolution to this exhibit.
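
The two mitigations from the recommendation, shown beside the unsafe pattern. This is an added example, not part of the original issue or the project's code: the contract and function names are hypothetical, and the `liquidity * percentage / 100_00` formula is an assumption about how the percentage is applied.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration; not the project's UniswapV3Strategy code.
/// All names in this contract are hypothetical.
contract PercentageCastExample {
    error PercentageOutOfRange(uint percentage);
    error Uint128Overflow(uint value);

    /// Unsafe pattern: an explicit uint128(...) conversion is not covered by
    /// Solidity 0.8 checked arithmetic. It silently keeps the low 128 bits of
    /// the uint256 intermediate. Constructed case: liquidity = 2**127 with
    /// percentage = 200_00 yields 2**128, which truncates to 0.
    function liquidityToWithdrawUnsafe(uint128 liquidity, uint percentage)
        public
        pure
        returns (uint128)
    {
        return uint128((uint(liquidity) * percentage) / 100_00);
    }

    /// Hardened form applying both mitigations named in the recommendation.
    function liquidityToWithdraw(uint128 liquidity, uint percentage)
        public
        pure
        returns (uint128)
    {
        // 1. Sanitize the argument with the same bounds as the factory check,
        //    so the strategy does not depend on every caller validating it.
        if (percentage == 0 || percentage > 100_00) {
            revert PercentageOutOfRange(percentage);
        }

        // With percentage <= 100_00 the result can never exceed `liquidity`.
        uint scaled = (uint(liquidity) * percentage) / 100_00;

        // 2. Safe cast: revert instead of truncating if the bound is ever relaxed.
        if (scaled > type(uint128).max) {
            revert Uint128Overflow(scaled);
        }
        return uint128(scaled);
    }
}
```

Either check alone resolves the finding; keeping the bound inside the strategy as well as the factory means the cast stays safe if the strategy is ever called from another path.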