code-423n4 / 2023-04-caviar-findings

Upgraded Q -> 3 from #891 [1683219170863] #1002

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #891 as 3 risk. The relevant finding follows:

[L-1]: Unsafe casting may overflow

Context:

virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount); L230
virtualNftReserves -= uint128(weightSum); L231
virtualBaseTokenReserves -= uint128(netOutputAmount + protocolFeeAmount + feeAmount); L323
virtualNftReserves += uint128(weightSum); L324

Description:

While Solidity 0.8.x checks for overflows on arithmetic operations, it does not do so for casting.

Recommendation:

Use OpenZeppelin’s SafeCast library to prevent unexpected overflows.
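An added illustration of the finding above, not code from the audited repository or from the report: a minimal contract showing the unchecked narrowing cast next to a checked one. The contract, function and error names are hypothetical, and the local `toUint128` helper is a stand-in for OpenZeppelin's `SafeCast.toUint128` so the file compiles without dependencies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added example; CastDemo, its functions and CastOverflow are hypothetical names.
contract CastDemo {
    // Same width as the reserve variable quoted in the finding.
    uint128 public virtualBaseTokenReserves;

    error CastOverflow(uint256 value);

    /// Unchecked narrowing. Solidity 0.8.x checks the `+=` for overflow,
    /// but the explicit uint128(...) conversion is not checked: it keeps
    /// only the low 128 bits, so any amount >= 2**128 is reduced modulo
    /// 2**128 before it ever reaches the checked addition.
    function addTruncating(uint256 amount) external {
        virtualBaseTokenReserves += uint128(amount);
    }

    /// Checked narrowing. Reverts instead of truncating, so the stored
    /// reserve can never diverge from the amount that was accounted for.
    function addChecked(uint256 amount) external {
        virtualBaseTokenReserves += toUint128(amount);
    }

    /// Stand-in for OpenZeppelin SafeCast.toUint128: range check first,
    /// then the cast, which is now known to be lossless.
    function toUint128(uint256 value) internal pure returns (uint128) {
        if (value > type(uint128).max) revert CastOverflow(value);
        return uint128(value);
    }

    /// Exposes the bare cast so a test can compare input and output and
    /// observe the truncation directly.
    function truncatingCast(uint256 value) external pure returns (uint128) {
        return uint128(value);
    }
}
```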

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #167

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory