hats-finance / Fenix-Finance-0x83dbe5aa378f3ce160ed084daf85f621289fb92f


UnsafeCasts `int256` to `uint256` and `int256` to `int128` #32

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: @Rotcivegaf

Twitter username: rotcivegaf

Submission hash (on-chain): 0xd248fe4d42cf3aa3ee8365b4778d69a18d583882b3e22a6dc2741addb526b06c

Severity: medium

Description: Lines:

int256 to uint256:

int256 to int128:

Description:

The cast from int256 to uint256 can lead to an error because, if the int256 is negative, casting it to uint256 will return an erroneous result, for example: `uint256(-1) = 115792089237316195423570985008687907853269984665640564039457584007913129639935`

On the other hand, casting int256 to int128 can lead to an overflow error when the input is smaller than the smallest int128 or larger than the largest int128, for example: `int128(340282366920938463463374607431768211456) = 0`

Recommended Mitigation Steps:

Use `toUint256` when casting int256 to uint256 and `toInt128` when casting int256 to int128, from the SafeCast library of OZ.
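The two casts described in the submission above, shown beside checked versions that revert in the way the recommended SafeCast `toUint256` and `toInt128` do. This is an added example, not code from the issue or from the Fenix repository; the contract name, function names and revert strings are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: all names here are hypothetical, not taken from the audited code.
contract CastExample {
    // Explicit type conversions are not overflow-checked, even under
    // Solidity 0.8: the 256-bit two's complement pattern is reinterpreted
    // as unsigned, so a negative input becomes a very large positive value.
    function uncheckedToUint256(int256 value) public pure returns (uint256) {
        return uint256(value);
    }

    // Narrowing keeps only the low 128 bits; anything outside the int128
    // range is silently truncated instead of reverting.
    function uncheckedToInt128(int256 value) public pure returns (int128) {
        return int128(value);
    }

    // Checked form: reject negative input before reinterpreting the bits.
    function checkedToUint256(int256 value) public pure returns (uint256) {
        require(value >= 0, "value must be non-negative");
        return uint256(value);
    }

    // Checked form: narrow first, then confirm that widening the result
    // back to int256 reproduces the input; if not, bits were lost.
    function checkedToInt128(int256 value) public pure returns (int128 downcasted) {
        downcasted = int128(value);
        require(downcasted == value, "value does not fit in 128 bits");
    }
}
```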

BohdanHrytsak commented 4 months ago

Thank you for the submission.

There are dangerous type casts that can lead to overflow, but is it really possible? At the moment, I don't know of any such real case in this contract.

The balance cannot fall below zero, and in places where it is possible, there are checks with fuses.

Just casting one type to another is not a problem. If you see a real problem, provide a description of the case.

rotcivegaf commented 4 months ago

I just realized that I classified it as medium. This was a mistake on my part; I intended it to be low.

It is an unsafe cast with a low probability.

BohdanHrytsak commented 4 months ago

Due to the lack of impact and inheritance from Thena/Chronos, OOS remains.