Open code423n4 opened 3 years ago
leastwood
Although solidity inherently casts uint128 to uint256 in BatchAuction.finalize():L288, explicitly casting marketInfo.totalTokens ensures that variables are properly casted.
uint128
uint256
BatchAuction.finalize():L288
marketInfo.totalTokens
https://github.com/sushiswap/miso/blob/master/contracts/Auctions/BatchAuction.sol#L288
Manual code review
Cast marketInfo.totalTokens from uint128 to uint256.
It is better style but I would argue that it does not constitute a bug
non-cirtical issues can be a styling suggestion or best practice recommendation
Handle
leastwood
Vulnerability details
Impact
Although solidity inherently casts
uint128
touint256
inBatchAuction.finalize():L288
, explicitly castingmarketInfo.totalTokens
ensures that variables are properly casted.Proof of Concept
https://github.com/sushiswap/miso/blob/master/contracts/Auctions/BatchAuction.sol#L288
Tools Used
Manual code review
Recommended Mitigation Steps
Cast
marketInfo.totalTokens
fromuint128
touint256
.