search

sherlock-audit / 2023-10-real-wagmi-judging

16 stars 14 forks source link

0xkazim - Unsafe type casting lead to unintended behavior #153

Closed sherlock-admin closed 11 months ago

sherlock-admin commented 11 months ago

0xkazim

medium

Unsafe type casting lead to unintended behavior

Summary

This report highlights vulnerabilities related to unsafe type casting and uint value manipulation within a specific protocol or codebase. These actions occur without employing any safety libraries, potentially resulting in undesired outcomes, including incorrect value types and other adverse effects.

Vulnerability Detail

In both the LiquidityBorrowingManager.sol and the DailyRateAndCollateral.sol contracts, unsafe type casting is identified, which may lead to unintended behaviors. in this line we cast the uint256 Constants.COLLATERAL_BALANCE_PRECISION which is 1e18 to init256 which may cause return of wrong decimals value:

 function checkDailyRateCollateral(
        bytes32 borrowingKey
    ) external view returns (int256 balance, uint256 estimatedLifeTime) {
        (, balance, estimatedLifeTime) = _getDebtInfo(borrowingKey);
        //@audit unsafe casting from uint to init
        balance /= int256(Constants.COLLATERAL_BALANCE_PRECISION);
    }

Similarly for the DailyRateAndCollateral in this line which it may lead to retrun incorrect value:


    function _calculateCollateralBalance(
        uint256 borrowedAmount,
        uint256 borrowingAccLoanRatePerShare,
        uint256 borrowingDailyRateCollateral,
        uint256 accLoanRatePerSeconds
    ) internal pure returns (int256 collateralBalance, uint256 currentFees) {
        if (borrowedAmount > 0) {
            currentFees = FullMath.mulDivRoundingUp(
                borrowedAmount,
                accLoanRatePerSeconds - borrowingAccLoanRatePerShare,
                Constants.BP
            );
            //@audit unsafe cast change
            collateralBalance = int256(borrowingDailyRateCollateral) - int256(currentFees);
        }
    }

The _calculateCollateralBalance function is employed in multiple sections of the LiquidityBorrowingManager.sol contract: https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L1006

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L410

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L552

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L931

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L1006

Impact

Unsafe casting operations can lead to unintended behavior or result in the loss of accurate values.

Code Snippet

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L237 https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/abstract/DailyRateAndCollateral.sol#L115

Tool used

Manual Review

Recommendation

recommend implementing the use of the safeCast library from OpenZeppelin (OZ) to ensure secure type conversions and mitigate potential vulnerabilities.

sherlock-admin2 commented 11 months ago

1 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Invalid or Low. In the examples you have given everything looks fine to me