search

sherlock-audit / 2023-01-ajna-judging

1 stars 0 forks source link

Deivitto - Unsafe cast affects asset values like `interest_rate` #182

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

Deivitto

medium

Unsafe cast affects asset values like interest_rate

Summary

Type cast with overflows doesn't throw an error / revert

Vulnerability Detail

Even though Solidity 0.8.x is used, type casts do not throw an error. A SafeCast library must be used everywhere a typecast is done. SafeCast Reference.

Impact

Wrong values used over the code as overflow / underflow doesn't revert on cast

Code Snippet

https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/external/Auctions.sol#L1135 uint256 borrowerPayoffFactor = (vars.isRewarded) ? Maths.WAD - uint256(vars.bpf) : Maths.WAD;

https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/external/Auctions.sol#L1168 vars.bondChange = Maths.wmul(vars.scaledQuoteTokenAmount, uint256(vars.bpf));

https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/external/Auctions.sol#L1171 vars.bondChange = Maths.wmul(vars.scaledQuoteTokenAmount, uint256(-vars.bpf));

https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/external/Auctions.sol#L1203 liquidation.kickTime = uint96(block.timestamp);

https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/external/Auctions.sol#L1204 liquidation.kickMomp = uint96(momp_);

https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/external/Auctions.sol#L1206 liquidation.bondFactor = uint96(bondFactor_);

https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/external/Auctions.sol#L1207 liquidation.neutralPrice = uint96(neutralPrice_);

https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/external/PoolCommons.sol#L119 interestParams_.interestRate = uint208(newInterestRate);

Tool used

Manual Review

Recommendation

Use safeCast library for conversions that can overflow / underflow