c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Lines of code
Vulnerability details
Comments
In the Vault the ERC20
_transfer,_mintand_burnmethods are overridden to use the TwabController functionality, and these call to the TwabController unsafely cast shares fromuint256touint96. As a result, if a user tries to transfer/mint/burn more thanuint96shares they will lose some shares during the action due to silent overflows.Mitigation
The updated implementation uses the OZ SafeCast library to safely cast the input
uint256shares value touint96for calls to the relevant TwabController methods. There is now no risk of a silent overflow so the issue is resolved.Conclusion
LGTM