Closed c4-judge closed 1 year ago
Judge has assessed an item in Issue #407 as 3 risk. The relevant finding follows:
L01 Unsafe downcasting
On PrivatePool.sol#L230-L231 there are two unsafe downcasts from uint256 to uint128:

```solidity
virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount);
virtualNftReserves -= uint128(weightSum);
```

I think it is possible under certain circumstances that weightSum > uint128.max or netInputAmount - feeAmount - protocolFeeAmount > uint128.max.
Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows/underflows when casting from other types.
GalloDaSballo marked the issue as duplicate of #167
GalloDaSballo marked the issue as satisfactory
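
The unchecked cast flagged in the finding next to a checked one, as an added Solidity example that is not part of the original issue or the PrivatePool code base. The contract, function and error names are hypothetical, and the local `toUint128` helper stands in for OpenZeppelin's `SafeCast.toUint128` so the file compiles without imports.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration, not the PrivatePool contract. Only the two reserve
/// variables and the parameter names come from the finding; the contract,
/// function and error names are hypothetical.
contract DowncastDemo {
    uint128 public virtualBaseTokenReserves;
    uint128 public virtualNftReserves = type(uint128).max;

    error ValueDoesNotFitUint128(uint256 value);

    /// Checked narrowing: reverts instead of discarding the upper 128 bits.
    /// Assumption: used here in place of OpenZeppelin's SafeCast.toUint128,
    /// which also reverts when the value does not fit.
    function toUint128(uint256 value) internal pure returns (uint128) {
        if (value > type(uint128).max) revert ValueDoesNotFitUint128(value);
        return uint128(value);
    }

    /// Pattern from the finding. Solidity 0.8 checks the subtraction and the
    /// `+=` / `-=` on the uint128 state variables, but an explicit cast is
    /// never checked: a uint256 above type(uint128).max is reduced modulo
    /// 2**128, so the reserves are updated with the wrong amount and no revert.
    function updateReservesUnchecked(
        uint256 netInputAmount,
        uint256 feeAmount,
        uint256 protocolFeeAmount,
        uint256 weightSum
    ) external {
        virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount);
        virtualNftReserves -= uint128(weightSum);
    }

    /// Same update with checked casts: an out-of-range input reverts the
    /// whole call, so the stored reserves cannot diverge from the real amounts.
    function updateReservesChecked(
        uint256 netInputAmount,
        uint256 feeAmount,
        uint256 protocolFeeAmount,
        uint256 weightSum
    ) external {
        virtualBaseTokenReserves += toUint128(netInputAmount - feeAmount - protocolFeeAmount);
        virtualNftReserves -= toUint128(weightSum);
    }
}
```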