code-423n4 / 2023-04-caviar-findings


Upgraded Q -> 3 from #326 [1683219203160] #1005

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #326 as 3 risk. The relevant finding follows:

[L-05] Integer overflow by unsafe casting

Description

Keep in mind that the version of Solidity used, despite being greater than 0.8, does not prevent integer overflows during casting; it only does so in mathematical operations.

It is necessary to safely convert between the different numeric types.

Lines of code

virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount);
PrivatePool.sol#L230

virtualNftReserves -= uint128(weightSum);
PrivatePool.sol#L231

virtualBaseTokenReserves -= uint128(netOutputAmount + protocolFeeAmount + feeAmount);
PrivatePool.sol#L323

virtualNftReserves += uint128(weightSum);
PrivatePool.sol#L324

Recommended Mitigation Steps

Use OpenZeppelin's SafeCast library.
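The casting behaviour described in the finding above, as an added example that is not part of the original issue or of the Caviar code base: an explicit `uint128(...)` downcast next to a checked one. The contract, library, function names and the pragma version are hypothetical; the checked helper performs the same bounds check as OpenZeppelin's `SafeCast.toUint128`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19; // assumed version; any 0.8.x with custom errors behaves the same

// Hypothetical helper written for this example. It mirrors the check in
// OpenZeppelin's SafeCast.toUint128: revert instead of silently truncating.
library CheckedCast {
    error Uint128Overflow(uint256 value);

    function toUint128(uint256 value) internal pure returns (uint128) {
        if (value > type(uint128).max) revert Uint128Overflow(value);
        // Safe: the bound above guarantees no high bits are discarded.
        return uint128(value);
    }
}

// Hypothetical contract with a uint128 reserve, shaped like the accounting
// lines quoted in the finding (a uint256 amount folded into a uint128 field).
contract ReserveCastDemo {
    uint128 public virtualReserves;

    // Pattern flagged by the finding. The "+=" is checked arithmetic in 0.8.x
    // and reverts on overflow, but the explicit uint128(...) cast is not:
    // it keeps only the low 128 bits of `amount` and never reverts.
    function addUnchecked(uint256 amount) external {
        virtualReserves += uint128(amount);
    }

    // Mitigated form: an amount above type(uint128).max reverts with
    // Uint128Overflow before the reserve is touched.
    function addChecked(uint256 amount) external {
        virtualReserves += CheckedCast.toUint128(amount);
    }

    // Pure helpers so both behaviours can be compared for one input
    // without changing state (for use in a unit test or a console).
    function castUnchecked(uint256 amount) external pure returns (uint128) {
        return uint128(amount);
    }

    function castChecked(uint256 amount) external pure returns (uint128) {
        return CheckedCast.toUint128(amount);
    }
}
```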

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #167

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory