fix: make `_newCastCount` overflow resistant to handle nonconforming strategies

[mds1]

Motivation:

Closes https://github.com/llamaxyz/llama/issues/448

The policy contract enforces an invariant that "sum of all user quantities for a role == that role's total quantity". However, when casting approval, the quantity used is returned from the strategy. A strategy might not respect this invariant.

With such a strategy, it's possible for casts to be blocked by reverting on overflow in the currentCount + quantity line as discussed in https://github.com/spearbit-audits/review-llama2/issues/16

The fix here is to make _newCastCount more robust.

Modifications:

To make _newCastCount more robust it now behaves as follows:

• Both inputs are uint96, meaning when we add them, solidity overflows if the sum is greater than type(uint96).max. As a result, we must upcast one input to uint256 so solidity treats the addition as if we're adding to uint256 values.
• If the uint256 sum of the two inputs is greater than type(uint96).max, return type(uint96).max.
• Otherwise, return the sum.

Result:

LlamaCore can handle strategies that don't respect the expected behavior of quantities

[github-actions[bot]]

Coverage after merging fix/handle-nonconforming-strategy-quantities into main will be

84.03%

Coverage Report

File	Stmts	Branches	Funcs	Lines	Uncovered Lines
src
LlamaCore.sol	99.26%	97.30%	100%	100%	292, 393
LlamaExecutor.sol	80%	50%	100%	100%	33
LlamaFactory.sol	100%	100%	100%	100%
LlamaLens.sol	72.09%	20%	100%	82.61%	175–176, 179, 179, 179–180, 180, 180–181, 181, 181, 189
LlamaPolicy.sol	91.49%	88.89%	94.59%	91.30%	324, 361, 361, 361–363, 363, 363, 365–368, 370, 383
LlamaPolicyMetadata.sol	100%	100%	100%	100%
src/accounts
LlamaAccount.sol	100%	100%	100%	100%
src/lib
ERC721NonTransferableMinimalProxy.sol	70.42%	72.73%	72.73%	68.42%	102, 104, 106, 118–120, 190, 88, 88, 88, 90, 90, 90, 92, 92, 92, 97, 99
LlamaUtils.sol	100%	100%	100%	100%
PolicyholderCheckpoints.sol	55.88%	50%	81.82%	53.62%	125, 179–181, 181, 181–182, 184, 187, 217, 224, 224–226, 228, 228–230, 232, 232–234, 236, 236–238, 257, 260–266, 273, 46, 46–48, 48, 48–49, 51
SupplyCheckpoints.sol	57.14%	50%	83.33%	54.93%	131, 183–185, 185, 185–186, 188, 191, 235, 242, 242–244, 246, 246–248, 250, 250–252, 254, 254–256, 275, 278–284, 291, 50, 50–52, 52, 52–53, 55
src/llama-scripts
LlamaGovernanceScript.sol	50%	33.33%	43.75%	53.45%	106–108, 115–117, 125–128, 135–137, 146–150, 157–158, 166–168, 67, 74, 74, 76, 89–90, 97–98
src/strategies/absolute
LlamaAbsolutePeerReview.sol	100%	100%	100%	100%
LlamaAbsoluteQuorum.sol	100%	100%	100%	100%
LlamaAbsoluteStrategyBase.sol	94.74%	87.50%	90.91%	97.96%	238, 241, 289
src/strategies/relative
LlamaRelativeHolderQuorum.sol	91.67%	75%	100%	100%	46, 53
LlamaRelativeQuantityQuorum.sol	0%	0%	0%	0%	26, 26, 26–28, 38, 38, 38–40, 45–46, 46, 46–47, 52–53, 53, 53–54
LlamaRelativeStrategyBase.sol	97.59%	90.91%	100%	100%	203, 303
LlamaRelativeUniqueHolderQuorum.sol	93.33%	83.33%	100%	100%	48, 55