Open code423n4 opened 2 years ago
amount_ can never be larger than a uint88 since there are only 240M (18 decimals) XDEFI tokens.
block.timestamp will never be larger than a uint32 for 50 years.
There is no risk here. Perhaps informational as I can leave a comment.
Relevant comments were left in the release candidate contracts.
Handle
WatchPug
Vulnerability details
https://github.com/XDeFi-tech/xdefi-distribution/blob/3856a42df295183b40c6eee89307308f196612fe/contracts/XDEFIDistribution.sol#L273-L275
Downcasting from uint256/int256 in Solidity does not revert on overflow. This can easily result in undesired exploitation or bugs.
Recommendation
Consider using the SafeCast library from OpenZeppelin: https://docs.openzeppelin.com/contracts/4.x/api/utils#SafeCast
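The silent truncation the finding describes, beside the SafeCast form it recommends, as an added example that is not code from the XDEFIDistribution contract; it assumes OpenZeppelin Contracts 4.7 or later, where SafeCast ships a toUintN function for every width (earlier 4.x releases only have 224/128/96/64/32/16/8).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not XDEFIDistribution code. Assumes OpenZeppelin >= 4.7
// so that SafeCast.toUint88 exists.
import "@openzeppelin/contracts/utils/math/SafeCast.sol";

contract DowncastDemo {
    // Packed layout of the kind the finding points at: 88 bits for an
    // 18-decimal token amount and 32 bits for a timestamp.
    struct Position {
        uint88 units;
        uint32 expiry;
    }

    // Explicit downcast: Solidity keeps the low bits and discards the rest,
    // so 2**88 becomes 0 and 2**32 + 1 becomes 1, with no revert.
    function castRaw(uint256 amount_, uint256 expiry_) external pure returns (Position memory) {
        return Position({ units: uint88(amount_), expiry: uint32(expiry_) });
    }

    // SafeCast reverts when the value does not fit, so a truncated value
    // can never be stored silently.
    function castSafe(uint256 amount_, uint256 expiry_) external pure returns (Position memory) {
        return Position({ units: SafeCast.toUint88(amount_), expiry: SafeCast.toUint32(expiry_) });
    }

    // The bounds the sponsor relies on, checked in code rather than by hand:
    // 240M tokens with 18 decimals (2.4e26) is below 2**88 (about 3.09e26).
    function supplyFits() external pure returns (bool) {
        return uint256(240_000_000) * 1e18 <= type(uint88).max;
    }

    // uint32 holds seconds-since-epoch values until early 2106.
    function timestampFits(uint256 ts) external pure returns (bool) {
        return ts <= type(uint32).max;
    }
}
```

Calling castRaw with 2**88 returns units == 0 while castSafe reverts on the same input, which is the difference the recommendation is about.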