sherlock-audit / 2024-05-beefy-cowcentrated-liquidity-manager-judging


nour99 - [M-1] Unsafe casting of user amount from uint256 to uint128 #31

Closed sherlock-admin4 closed 5 months ago

sherlock-admin4 commented 5 months ago

nour99

medium

[M-1] Unsafe casting of user amount from uint256 to uint128

Summary

The unsafe casting from uint256 to uint128 may cause loss of funds.

Vulnerability Detail

Impact

Can lead to truncation and loss of significant digits.

Code Snippet

https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/utils/TickUtils.sol#L44

Tool used

Manual Review

Recommendation

Use OpenZeppelin’s SafeCast library when casting from uint256 to uint128.

sherlock-admin2 commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

z3s commented:

Invalid; getLiquidityForAmounts returns uint128