Judge has assessed an item in Issue #549 as 3 risk. The relevant finding follows:
[L-02] Unsafe casting of uints
Downcasting from uint256 in Solidity does not revert on overflow. This can easily result in undesired exploitation or bugs, since developers usually assume that overflows raise errors. OpenZeppelin's SafeCast restores this intuition by reverting the transaction when such an operation overflows. Using this library instead of the unchecked operations eliminates an entire class of bugs, so it’s recommended to use it always.
For example:
// Before
virtualNftReserves -= uint128(weightSum);
// After
virtualNftReserves -= toUint128(weightSum);
File: src/PrivatePool.sol
Judge has assessed an item in Issue #549 as 3 risk. The relevant finding follows:
[L-02] Unsafe casting of uints Downcasting from uint256 in Solidity does not revert on overflow. This can easily result in undesired exploitation or bugs, since developers usually assume that overflows raise errors. OpenZeppelin's SafeCast restores this intuition by reverting the transaction when such an operation overflows. Using this library instead of the unchecked operations eliminates an entire class of bugs, so it’s recommended to use it always.
For example:
// Before virtualNftReserves -= uint128(weightSum); // After virtualNftReserves -= toUint128(weightSum); File: src/PrivatePool.sol
230: virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount); 231: virtualNftReserves -= uint128(weightSum);
323: virtualBaseTokenReserves -= uint128(netOutputAmount + protocolFeeAmount + feeAmount); 324: virtualNftReserves += uint128(weightSum);