code-423n4 / 2022-02-concur-findings


You should use safe casts here #279

Closed CloudEllie closed 2 years ago

CloudEllie commented 2 years ago

Judge @GalloDaSballo has assessed the 6th item in QA Report #254 as Medium risk. The relevant finding follows:

You should use safe casts here:

  deposits[_pid][msg.sender].amount += uint192(_amount);
  deposits[_pid][msg.sender].amount -= uint192(_amount);
  amount : uint192(_amount)

Otherwise, if token amounts are exceeding these limits (e.g. rebasing tokens) the accounted and transferred amounts will differ. For instance, in function deposit it will add less to the user's balance but charge the full amount:

  deposits[_pid][msg.sender].amount += uint192(_amount);
  ...
  lpToken.safeTransferFrom(msg.sender, address(this), _amount);
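
Added example, not part of the original issue or the audited contract: the truncating cast described in the finding beside a checked cast that reverts. The contract name, the `recorded`/`charged` mappings, the `toUint192` helper and the error name are hypothetical, and `charged` stands in for the `safeTransferFrom` call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration, not the audited contract. All names are hypothetical.
contract CastDemo {
    mapping(address => uint192) public recorded; // what the ledger credits
    mapping(address => uint256) public charged;  // what a transfer of _amount would move

    error AmountExceedsUint192(uint256 amount);

    /// Reverts instead of truncating when the value does not fit in 192 bits.
    function toUint192(uint256 value) public pure returns (uint192) {
        if (value > type(uint192).max) revert AmountExceedsUint192(value);
        return uint192(value);
    }

    /// Pattern from the finding: an explicit narrowing cast keeps only the
    /// low 192 bits. Solidity 0.8 checked arithmetic does not cover explicit
    /// conversions, so nothing reverts here.
    function depositUnchecked(uint256 _amount) external {
        recorded[msg.sender] += uint192(_amount);
        charged[msg.sender] += _amount; // stands in for safeTransferFrom(..., _amount)
    }

    /// Same flow with the checked cast: an oversized amount reverts before
    /// any accounting or transfer takes place.
    function depositChecked(uint256 _amount) external {
        recorded[msg.sender] += toUint192(_amount);
        charged[msg.sender] += _amount;
    }

    /// Amount that one unchecked deposit would charge but never credit.
    function shortfall(uint256 _amount) external pure returns (uint256) {
        return _amount - uint256(uint192(_amount));
    }
}
```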

CloudEllie commented 2 years ago

Duplicate of #194