search

hats-finance / Catalyst-Exchange-0x3026c1ea29bf1280f99b41934b2cb65d053c9db4

Other
1 stars 2 forks source link

Double type casts create complexity within the code #16

Open hats-bug-reporter[bot] opened 8 months ago

hats-bug-reporter[bot] commented 8 months ago

Github username: @saidqayoumsadat Twitter username: saqsadat143 Submission hash (on-chain): 0x8966dd7575376720ff3b24ae6bd9a3c0f86ad7680969532b01ed44d022068a3a Severity: low

Description: Description\ Double type casting should be avoided in Solidity contracts to prevent unintended consequences and ensure accurate data representation. Performing multiple type casts in succession can lead to unexpected truncation, rounding errors, or loss of precision, potentially compromising the contract's functionality and reliability. Furthermore, double type casting can make the code less readable and harder to maintain, increasing the likelihood of errors and misunderstandings during development and debugging. To ensure precise and consistent data handling, developers should use appropriate data types and avoid unnecessary or excessive type casting, promoting a more robust and dependable contract execution.

  1. Proof of Concept (PoC) File
file: src/CatalystChainInterface.sol#

498        if (uint96(bytes12(data[TO_ACCOUNT_START+32:TO_ACCOUNT_START_EVM])) != 0) revert InvalidAddress();  // Check the next 32-20=12 bytes are 0.

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystChainInterface.sol#L498C1-L498C148

file: /src/CatalystChainInterface.sol

780            expiry: uint96(uint256(block.number) + uint256(maxUnderwritingDuration))  // Should never overflow.

820            uint96(uint256(block.number) + uint256(maxUnderwritingDuration)),

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystChainInterface.sol#L780C1-L780C112

file: /src/CatalystVaultCommon.sol

664      _setTokenEscrow(
            identifier,
            address(uint160(1)),
            toAsset,
            purchasedTokens
        );

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultCommon.sol#L664C4-L669C11

reednaa commented 8 months ago

Non-issue. Promose a better solution.