code-423n4 / 2021-08-gravitybridge-findings


Downcasting Can Freeze The Chain #19

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

nascent

Vulnerability details

[M-01] Downcasting Can Freeze The Chain

Severity: Medium

Likelihood: Low

The function utils::downcast_uint256() -> Option<u64> returns None if the input value is greater than U64MAX. If the value being downcast is read from a contract (e.g. a nonce), and the contract could be put into such a state where a Uint256 is set to a higher value, this will cause all nodes to halt execution upon reading this value, requiring a patch to re-enable the bridge.

Recommendation

Change the signature of downcast_uint256() to return a Result<>, and/or remove any unwrap()s of the result.
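
An added illustration of the recommendation above, not part of the original report and not the project's code: it contrasts an unwrap() on the Option-returning downcast with a Result-returning one that the caller must handle. The `U256` limb struct is a stand-in for the project's Uint256, and `DowncastError`, `event_nonce_unchecked` and `process_events` are hypothetical names; rejecting the oversized value and continuing is one assumed handling policy.

```rust
// Stand-in for a 256-bit unsigned integer read from a contract:
// four u64 limbs, least significant first (assumption, not the project's type).
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct U256(pub [u64; 4]);

#[derive(Debug, PartialEq)]
pub enum DowncastError {
    Overflow(U256),
}

// Shape described in the finding: None when the value exceeds u64::MAX.
pub fn downcast_option(v: U256) -> Option<u64> {
    if v.0[1..].iter().any(|&limb| limb != 0) { None } else { Some(v.0[0]) }
}

// Recommended shape: the caller receives an error it has to deal with.
pub fn downcast_result(v: U256) -> Result<u64, DowncastError> {
    downcast_option(v).ok_or(DowncastError::Overflow(v))
}

// Hypothetical caller before the fix: unwrap() panics on an oversized nonce,
// which is the halt the finding describes.
pub fn event_nonce_unchecked(raw: U256) -> u64 {
    downcast_option(raw).unwrap()
}

// Hypothetical caller after the fix: oversized values are reported, not unwrapped,
// and the remaining events are still processed.
pub fn process_events(raw_nonces: &[U256]) -> (Vec<u64>, Vec<DowncastError>) {
    let mut accepted = Vec::new();
    let mut rejected = Vec::new();
    for &raw in raw_nonces {
        match downcast_result(raw) {
            Ok(n) => accepted.push(n),
            Err(e) => rejected.push(e),
        }
    }
    (accepted, rejected)
}

fn main() {
    // Constructed sample: two ordinary nonces and one value equal to 2^64.
    let events = [U256([7, 0, 0, 0]), U256([0, 1, 0, 0]), U256([8, 0, 0, 0])];
    let (ok, bad) = process_events(&events);
    println!("accepted {:?}, rejected {:?}", ok, bad);
}
```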

jkilpatr commented 2 years ago

This is valid; dealing with nonces as big-ints is something of a pain, and it's reasonable to not expect these values to go over u64 max. I believe with nonce increase limitations as described in #32 this can be mitigated.

albertchon commented 2 years ago

Low risk since this is very costly/impractical to make happen

loudoguno commented 2 years ago

reopening as per judges assessment as "primary issue" on findings sheet