Closed code423n4 closed 3 years ago
cmichel
As MochiVault.accrueDebt function performs unsafe casts: claimable += int256(increased);.
MochiVault.accrueDebt
claimable += int256(increased);
If the unsigned values are above the maximum signed value (type(int256).max), it will be interpreted as a negative value instead.
type(int256).max
Even though overflowing the max int256 value is unlikely, it's still recommended to use safe casts.
int256
Make sure the value fits into the type first by using a SafeCast library.
Handle
cmichel
Vulnerability details
As
MochiVault.accrueDebtfunction performs unsafe casts:claimable += int256(increased);.If the unsigned values are above the maximum signed value (
type(int256).max), it will be interpreted as a negative value instead.Impact
Even though overflowing the max
int256value is unlikely, it's still recommended to use safe casts.Recommended Mitigation Steps
Make sure the value fits into the type first by using a SafeCast library.