c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #167
Closed c4-judge closed 1 year ago
c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #167
c4-judge
commented
1 year ago GalloDaSballo marked the issue as satisfactory
Judge has assessed an item in Issue #549 as 3 risk. The relevant finding follows:
[L-02] Unsafe casting of uints Downcasting from uint256 in Solidity does not revert on overflow. This can easily result in undesired exploitation or bugs, since developers usually assume that overflows raise errors. OpenZeppelin's SafeCast restores this intuition by reverting the transaction when such an operation overflows. Using this library instead of the unchecked operations eliminates an entire class of bugs, so it’s recommended to use it always.
For example:
// Before virtualNftReserves -= uint128(weightSum); // After virtualNftReserves -= toUint128(weightSum); File: src/PrivatePool.sol
230: virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount); 231: virtualNftReserves -= uint128(weightSum);
323: virtualBaseTokenReserves -= uint128(netOutputAmount + protocolFeeAmount + feeAmount); 324: virtualNftReserves += uint128(weightSum);