code-423n4 / 2021-09-sushimiso-findings

0 stars 0 forks source link

Missing `uint256` Cast #148

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

leastwood

Vulnerability details

Impact

Although solidity inherently casts uint128 to uint256 in BatchAuction.finalize():L288, explicitly casting marketInfo.totalTokens ensures that variables are properly casted.

Proof of Concept

https://github.com/sushiswap/miso/blob/master/contracts/Auctions/BatchAuction.sol#L288

Tools Used

Manual code review

Recommended Mitigation Steps

Cast marketInfo.totalTokens from uint128 to uint256.

Clearwood commented 3 years ago

It is better style but I would argue that it does not constitute a bug

ghoul-sol commented 3 years ago

non-cirtical issues can be a styling suggestion or best practice recommendation