Open hats-bug-reporter[bot] opened 6 months ago
Github username: @saidqayoumsadat
Twitter username: saqsadat143
Submission hash (on-chain): 0xaf4ba2b93b17a9380e59287d523af2f7685a24f87bf3d187cf1cd24da29abcf4
Severity: low

Description: Consider using OpenZeppelin's SafeCast library to prevent unexpected overflows.
file: /src/CatalystChainInterface.sol (lines 370-371)

```solidity
uint32(block.number),
uint16(calldata_.length),
```
https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystChainInterface.sol#L370C1-L371C38
file: /src/CatalystChainInterface.sol#L396C1-L399C93

```solidity
uint256(bytes32(data[ UNITS_START : UNITS_END ])), // units
uint256(bytes32(data[ CTX0_FROM_AMOUNT_START : CTX0_FROM_AMOUNT_END ])), // fromAmount
address(bytes20(data[ CTX0_FROM_ASSET_START_EVM : CTX0_FROM_ASSET_END ])), // fromAsset
uint32(bytes4(data[ CTX0_BLOCK_NUMBER_START : CTX0_BLOCK_NUMBER_END ])) // blo
```
https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystChainInterface.sol#L396C1-L399C93
file: /src/CatalystVaultAmplified.sol (lines 339 and 347)

```solidity
int256((weightAssetBalance - _underwriteEscrowMatchBalance0[token] * weight) * FixedPointMathLib.WAD), // If casting overflows to a negative number, powWad fails
int256(weightAssetBalance * FixedPointMathLib.WAD), // If casting overflows to a negative number, powWad fails
```
https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultAmplified.sol#L339C1-L339C191
file: /src/CatalystVaultVolatile.sol (lines 885-886)

```solidity
uint256 U = uint256(FixedPointMathLib.lnWad( // uint256: ln computed of a value greater than 1 is always positive
int256(FixedPointMathLib.divWadDown(initialTotalSupply, initialTotalSupply - vaultTokens))
```
https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultVolatile.sol#L885C1-L886C104
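What explicit casts like the ones quoted above do when a value does not fit, next to range-checked equivalents, as an added Solidity example that is not part of the submission or of the Catalyst code base. `CastDemo`, its function names and the packed header layout are hypothetical; `toUint16`, `toUint32` and `toInt256` are inline stand-ins named after the OpenZeppelin SafeCast functions they imitate.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not Catalyst code: CastDemo, its functions and the
// packed layout are hypothetical. The checked helpers are inline stand-ins
// for the range checks a SafeCast-style library performs.
contract CastDemo {
    error CastOverflow(uint256 value, uint256 bits);

    // Explicit narrowing is not covered by 0.8 checked arithmetic:
    // the high bits are dropped without a revert.
    function rawHeader(uint256 blockNumber, bytes calldata payload)
        external pure returns (bytes memory)
    {
        return abi.encodePacked(uint32(blockNumber), uint16(payload.length), payload);
    }

    // Same layout, but reverts when a field does not fit its width, so the
    // length prefix can never disagree with the payload that follows it.
    function checkedHeader(uint256 blockNumber, bytes calldata payload)
        external pure returns (bytes memory)
    {
        return abi.encodePacked(toUint32(blockNumber), toUint16(payload.length), payload);
    }

    // uint256 -> int256 reinterprets the bits; inputs of 2**255 or more
    // come out negative.
    function rawInt256(uint256 x) external pure returns (int256) {
        return int256(x);
    }

    function toUint16(uint256 v) public pure returns (uint16) {
        if (v > type(uint16).max) revert CastOverflow(v, 16);
        return uint16(v);
    }

    function toUint32(uint256 v) public pure returns (uint32) {
        if (v > type(uint32).max) revert CastOverflow(v, 32);
        return uint32(v);
    }

    function toInt256(uint256 v) public pure returns (int256) {
        if (v > uint256(type(int256).max)) revert CastOverflow(v, 255);
        return int256(v);
    }
}
```

Whether a checked cast is worth its gas depends on whether the surrounding code already bounds the value, which is the point the inline comments in the quoted lines address.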
You are aware that you are wasting gas submitting these issues?
Please see code comments. Do you disagree?