code-423n4 / 2023-04-caviar-findings


Upgraded Q -> 3 from #407 [1683102761347] #995

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #407 as 3 risk. The relevant finding follows:

L01 Unsafe downcasting

On PrivatePool.sol#L230-L231 there are two unsafe downcasts from uint256 to uint128:

    virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount);
    virtualNftReserves -= uint128(weightSum);

I think it is possible under certain circumstances that weightSum > uint128.max or netInputAmount - feeAmount - protocolFeeAmount > uint128.max.

Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows/underflows when casting from other types.
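The cast behaviour described in the finding above, as an added example that is not part of the original comment and is not Caviar's code: an explicit `uint128(...)` cast in Solidity 0.8.x truncates without reverting, while a bounds-checked narrowing reverts. The contract, function and error names are hypothetical, and the local `toUint128` helper stands in for OpenZeppelin's `SafeCast.toUint128`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration only; all names here are hypothetical.
contract DowncastDemo {
    // Same width as the reserve variable named in the finding.
    uint128 public virtualBaseTokenReserves;

    error Uint128Overflow(uint256 value);

    /// Pattern from the finding: the explicit cast keeps only the low
    /// 128 bits of `amount`. Solidity 0.8.x checks the `+=` arithmetic
    /// but not the cast, so an oversized `amount` is recorded as a
    /// much smaller number and the call still succeeds.
    function addUnchecked(uint256 amount) external {
        virtualBaseTokenReserves += uint128(amount);
    }

    /// Hardened form: refuse the update when `amount` does not fit.
    function addChecked(uint256 amount) external {
        virtualBaseTokenReserves += toUint128(amount);
    }

    /// Bounds-checked narrowing, the same idea as SafeCast.toUint128:
    /// revert instead of discarding the high bits.
    function toUint128(uint256 value) internal pure returns (uint128) {
        if (value > type(uint128).max) revert Uint128Overflow(value);
        return uint128(value);
    }

    /// Exposes the raw cast so the truncation can be inspected directly:
    /// the result is `value` modulo 2**128.
    function truncate(uint256 value) external pure returns (uint128) {
        return uint128(value);
    }
}
```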

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #167

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory