Closed sherlock-admin2 closed 1 year ago
Lack of explanation of how the issue could occur. At most low/informational severity, based on Sherlock's guidelines.
In addition to this, there is a submission D which identifies the core issue but does not clearly describe the impact or an attack path. Then D is considered low.
0xWSeeC
medium
Unsafe downcasts will silently overflow
Summary
There is some unsafe type casting: multiple instances of downcasting from uint256 to smaller unsigned integer types such as uint16, uint32, uint40, and uint56 are performed without checks for overflow. This can lead to silent overflows and unintended behavior in the smart contract.
Vulnerability Detail
Type casting in Solidity does not inherently check for overflows. When a larger uint256 type is cast to a smaller type like uint16, uint32, uint40, or uint56, and the original value exceeds the maximum representable value of the smaller type, an overflow occurs. The result is a completely different value that can lead to logical errors, incorrect computations, and could potentially be exploited.
Impact
If these overflows are exploited or occur unintentionally, they could lead to critical issues in contract logic, such as accounting errors, incorrect balance calculations, or even enabling denial of service and other malicious attacks. This undermines the contract's integrity and can lead to loss of funds or unexpected contract behavior.
Code Snippet
uint16:
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L512
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L621
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L769
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L770
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L875
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L879
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L883
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L884
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L937
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L1125
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L1297
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L1452
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L1465
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L1569
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L1574
uint32:
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L1298
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L1299
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L1262
uint40:
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L1308
uint56:
https://github.com/sherlock-audit/2023-10-looksrare/blob/881e75651d6592892f10a99f57d2862cf0df65f5/contracts-infiltration/contracts/Infiltration.sol#L689
Tool used
Manual Review
Recommendation
It is strongly recommended to perform explicit checks before casting to ensure that the value being cast does not exceed the range of the target type. This can be achieved by using conditionals or assertive functions to verify the safety of the value before performing the cast. Alternatively, SafeMath libraries or the latest Solidity compiler with built-in overflow checks should be used to prevent such issues.
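The following is an added illustration of the truncation the submission describes and of the check it recommends; it is not code from the Infiltration contracts or from the submitter. The Round struct, its field names and the sample values are invented for the demo. The one thing worth being precise about for triage: Solidity 0.8's built-in checked arithmetic covers +, -, *, / and similar operators, but an explicit narrowing conversion such as uint16(x) is never checked by the compiler, so a guard (require/revert before the cast, or OpenZeppelin's SafeCast library, which implements exactly these helpers) is the only thing that stops the silent wrap.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not code from the audited project. Demonstrates that an
// explicit narrowing conversion in Solidity 0.8 silently truncates, and
// shows a checked alternative for the widths listed in the report.

/// @dev Minimal checked-cast helpers. OpenZeppelin's SafeCast library ships
///      the same functions (toUint16, toUint32, toUint40, toUint56) for production use.
library CheckedCast {
    error ValueDoesNotFit(uint256 value, uint8 bits);

    function toUint16(uint256 value) internal pure returns (uint16) {
        if (value > type(uint16).max) revert ValueDoesNotFit(value, 16);
        return uint16(value);
    }

    function toUint32(uint256 value) internal pure returns (uint32) {
        if (value > type(uint32).max) revert ValueDoesNotFit(value, 32);
        return uint32(value);
    }

    function toUint40(uint256 value) internal pure returns (uint40) {
        if (value > type(uint40).max) revert ValueDoesNotFit(value, 40);
        return uint40(value);
    }

    function toUint56(uint256 value) internal pure returns (uint56) {
        if (value > type(uint56).max) revert ValueDoesNotFit(value, 56);
        return uint56(value);
    }
}

/// @dev Hypothetical packed game-state struct (invented for this demo) to show
///      where such casts typically appear: a uint256 is squeezed into narrow
///      storage fields to save a slot.
contract DowncastDemo {
    using CheckedCast for uint256;

    struct Round {
        uint16 agentsAlive;     // wraps past 65_535
        uint32 startBlock;      // wraps past 4_294_967_295
        uint40 endTimestamp;
        uint56 prizePoolUnits;
    }

    Round public unsafeRound;
    Round public safeRound;

    /// Unchecked casts, the pattern the report flags. With agents = 65_537 the
    /// field stores 1; with startBlock = 2**32 + 5 the field stores 5. No revert.
    function recordUnchecked(uint256 agents, uint256 startBlock, uint256 endTs, uint256 prize) external {
        unsafeRound = Round(uint16(agents), uint32(startBlock), uint40(endTs), uint56(prize));
    }

    /// Checked casts: reverts with ValueDoesNotFit instead of corrupting state.
    function recordChecked(uint256 agents, uint256 startBlock, uint256 endTs, uint256 prize) external {
        safeRound = Round(agents.toUint16(), startBlock.toUint32(), endTs.toUint40(), prize.toUint56());
    }

    /// Pure helper to observe the truncation without touching storage:
    /// truncate16(65_537) returns 1, truncate16(65_535) returns 65_535.
    function truncate16(uint256 v) external pure returns (uint16) {
        return uint16(v);
    }

    /// Runs both paths in one call (from a script, Remix, or a Foundry test):
    /// returns the silently truncated value and whether the checked path reverted.
    function demo() external returns (uint16 truncated, bool checkedReverted) {
        uint256 tooBig = uint256(type(uint16).max) + 2; // 65_537
        truncated = uint16(tooBig);                     // 1, no error raised
        try this.recordChecked(tooBig, 1, 1, 1) {
            checkedReverted = false;
        } catch {
            checkedReverted = true;                     // expected: ValueDoesNotFit(65537, 16)
        }
    }
}
```

Calling demo() on a deployed instance yields truncated = 1 and checkedReverted = true. Whether a given truncation is reachable in Infiltration (for instance whether a counter can ever exceed the field's range) is exactly the attack-path question the judge's comment asks for; the guard above costs one comparison per cast and removes the question entirely.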