overflow caused by uint32(block.timestamp) breaks roll()
Summary
An explicit conversion of block.timestamp to uint32 can cause overflow in the year of 2106.
Vulnerability Detail
block.timestamp returns a uint256 which has the value of the seconds that has elapsed since unix epoch. By casting the return to uint32, the maximum that will be allowed is 4294967295 which is February 7, 2106 6:28:16 AM. Once it goes after this date, uint32(block.timestamp) will overflow which will cause lastSettle to be reseted to 0. This breaks the roll() functionality as else if (lastSettle + cooldown > block.timestamp) will always return True and thus causing a revert.
Impact
User will be unable to roll the AutoRoller to the next series.
function roll() external {
if (maturity != MATURITY_NOT_SET) revert RollWindowNotOpen();
if (lastSettle == 0) {
// If this is the first roll, lock some shares in by minting them for the zero address.
// This prevents the contract from reaching an empty state during future active periods.
deposit(firstDeposit, address(0));
} else if (lastSettle + cooldown > block.timestamp) {
revert RollWindowNotOpen();
}
lastRoller = msg.sender;
adapter.openSponsorWindow();
}
koxuan
medium
overflow caused by uint32(block.timestamp) breaks roll()
Summary
An explicit conversion of
block.timestamp
touint32
can cause overflow in the year of 2106.Vulnerability Detail
block.timestamp
returns a uint256 which has the value of the seconds that has elapsed since unix epoch. By casting the return touint32
, the maximum that will be allowed is 4294967295 which is February 7, 2106 6:28:16 AM. Once it goes after this date,uint32(block.timestamp)
will overflow which will causelastSettle
to be reseted to 0. This breaks theroll()
functionality aselse if (lastSettle + cooldown > block.timestamp)
will always return True and thus causing a revert.Impact
User will be unable to roll the AutoRoller to the next series.
Code Snippet
AutoRoller.sol#L154-L167
AutoRoller.sol#L320
Tool used
Manual Review
Recommendation
remove
uint32
explicit casting as lastSettle is inuint256
and therefore it is not necessary to cast it explicitly