code-423n4 / 2023-01-astaria-findings


Comparison Of Different Types Might Lead to Inconsistent Behavior #555

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-astaria/blob/main/src/PublicVault.sol#L375

Vulnerability details

Impact

Comparison Of Different Types Might Lead to Inconsistent Behavior

Proof of Concept

The comparison here https://github.com/code-423n4/2023-01-astaria/blob/main/src/PublicVault.sol#L375 compares two different types, i.e. uint88 (withdrawReserve) and uint256 (withdrawBalance). This type of mismatch might induce unwanted behavior (if a bug allowed old Solidity somewhere in the code and uint88 will hold $309,485,009, which is achievable through a flash loan, it may lead to overflow/unwanted behavior).

Tools Used

Manual analysis

Recommended Mitigation Steps

Convert the withdrawBalance to uint88

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Insufficient quality
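
For reference, an added example (not part of the submission, the judge's comment, or Astaria's code) showing how Solidity 0.8.x evaluates a `uint88` against `uint256` comparison and what an explicit narrowing cast does to the wider operand. The contract, function and constant names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Added example: hypothetical contract, not Astaria's PublicVault.
contract MixedWidthComparison {
    uint88 internal constant MAX_88 = type(uint88).max; // 2**88 - 1

    /// Mixed-width comparison. The compiler implicitly converts the
    /// narrower operand (uint88) to uint256 before comparing, so no
    /// bits of either value are dropped.
    function reserveBelowBalance(uint88 reserve, uint256 balance)
        public pure returns (bool)
    {
        return reserve < balance;
    }

    /// Same comparison after narrowing the wider operand. An explicit
    /// uint88(...) cast keeps only the low 88 bits and does not revert,
    /// including under 0.8.x checked arithmetic.
    function reserveBelowNarrowedBalance(uint88 reserve, uint256 balance)
        public pure returns (bool)
    {
        return reserve < uint88(balance);
    }

    /// Checked narrowing: revert when the value does not fit, instead
    /// of silently discarding the high bits.
    function toUint88(uint256 x) public pure returns (uint88) {
        require(x <= MAX_88, "value does not fit in uint88");
        return uint88(x);
    }

    /// Runs both comparisons on a constructed balance one above the
    /// uint88 maximum, so the two results can be inspected side by side.
    function demo() external pure returns (bool widened, bool narrowed) {
        uint256 balance = uint256(MAX_88) + 1; // constructed sample value
        widened = reserveBelowBalance(1, balance);
        narrowed = reserveBelowNarrowedBalance(1, balance);
    }
}
```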