hats-finance / Catalyst-Exchange-0x3026c1ea29bf1280f99b41934b2cb65d053c9db4

Addition/multiplication in unchecked block is unsafe #25

Open hats-bug-reporter[bot] opened 8 months ago

hats-bug-reporter[bot] commented 8 months ago

Github username: @saidqayoumsadat
Twitter username: saqsadat143
Submission hash (on-chain): 0x2bf62b1934129003366ed13bf8720d10490b1108e32214242e63b929ab8b10be
Severity: low

Description: The additions/multiplications may silently overflow because they're in unchecked blocks with no preceding value checks, which may lead to unexpected results.

  1. Proof of Concept (PoC) File
file: /src/CatalystChainInterface.sol

```solidity
// line 873
uint256 underwritingIncentive = (underWrittenTokens * uint256(underwriteIncentiveX16)) >> 16;

// line 878
uint256 refundAmount = underWrittenTokens * (
    UNDERWRITING_COLLATERAL
)/UNDERWRITING_COLLATERAL_DENOMINATOR + underwritingIncentive;
```

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystChainInterface.sol#L873C1-L873C107

file: /src/CatalystVaultAmplified.sol

```solidity
// line 216
if (A/SMALL_SWAP_RATIO >= amount) return U * SMALL_SWAP_RETURN / FixedPointMathLib.WAD;
```

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultAmplified.sol#L216C1-L216C100

file: /src/CatalystVaultAmplified.sol

```solidity
// line 142
uint256 escrowAmountTimesWeight = escrowAmount * _weight[escrowToken];

// line 1438
uint256 new_muc = muc + escrowAmountTimesWeight; // Might overflow. Can be checked by comparing it against MUC.
```

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultAmplified.sol#L1422C1-L1422C83
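The wraparound this report is concerned with, next to the post-check named in the quoted code comment (compare the sum against the original value), as an added Solidity example. It is not code from the Catalyst repository; the contract, function and error names and the `uint16` type of the X16 factor are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration, not Catalyst code. All names are hypothetical.
contract UncheckedArithmeticDemo {
    error AddOverflow();
    error MulOverflow();

    /// Inside `unchecked`, both operations wrap modulo 2**256 and never revert.
    function wrappingMulAdd(uint256 amount, uint256 weight, uint256 acc)
        external pure returns (uint256)
    {
        unchecked {
            return acc + amount * weight;
        }
    }

    /// Same arithmetic, still `unchecked`, with explicit post-checks.
    function guardedMulAdd(uint256 amount, uint256 weight, uint256 acc)
        external pure returns (uint256 sum)
    {
        unchecked {
            uint256 product = amount * weight;
            // A wrapped product no longer divides back to the other factor.
            if (amount != 0 && product / amount != weight) revert MulOverflow();
            sum = acc + product;
            // A wrapped sum is strictly smaller than the value it was added to.
            if (sum < acc) revert AddOverflow();
        }
    }

    /// Bounding an input up front makes the multiplication safe by construction:
    /// amount < 2**240 and factorX16 < 2**16 give a product below 2**256.
    /// (Assumes the X16 factor is a uint16; the page does not state its type.)
    function boundedIncentive(uint256 amount, uint16 factorX16)
        external pure returns (uint256)
    {
        require(amount <= type(uint240).max, "amount too large");
        unchecked {
            return (amount * uint256(factorX16)) >> 16;
        }
    }
}
```

Whether an `unchecked` block is safe depends on the bounds established before it, so a review of such a block starts by locating the check or type bound that limits each operand.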

reednaa commented 8 months ago

Read code comments