Open hats-bug-reporter[bot] opened 4 months ago
Thank you for the submission.
There are dangerous type casts that can lead to overflow, but is it really possible? At the moment, I don't know of any such case in this contract from real ones
The balance cannot fall below zero, and in places where it is possible there are checks with fuses
The just cast one type to other is not a problem, If you see a real problem, provide a description of case
I just realized that I classified it as medium, this was a mistake on my part, I intended it to be low
Is an unsafe cast with a low probability
Due to the lack of impact and inheritance from Thena/Chronos, OOS remains
Github username: @Rotcivegaf Twitter username: rotcivegaf Submission hash (on-chain): 0xd248fe4d42cf3aa3ee8365b4778d69a18d583882b3e22a6dc2741addb526b06c Severity: medium
Description: Lines:
int256
touint256
:int256
toint128
:Description:
The cast from
int256
touint256
can lead to an error because ifint256
is negative when cast touint256
it will return an erroneous result, for example:uint256(-1) = 115792089237316195423570985008687907853269984665640564039457584007913129639935
In the other hand casting
int256
toint128
can lead to an overflow error when the input is smaller than smallest int128 or larger than largest int128 for example:int128(340282366920938463463374607431768211456) = 0
Recommended Mitigation Steps:
Use
toUint256
when castint256
touint256
andtoInt128
when castint256
toint128
ofSafeCast
library of OZ