In the swap function, the to_amount is calculated as a u128 value but is then cast to u64 when passing it to the transfer_from_vault_to_owner function. This conversion could potentially truncate the value if it exceeds the maximum value of u64 (18,446,744,073,709,551,615).
Impact
This issue could lead to several problems:
For very large swap amounts, the truncation could result in a significant loss of funds for the user.
It may cause unexpected behavior in the protocol, as the actual transferred amount might be less than what was calculated and expected.
It could potentially be exploited by malicious actors to manipulate swap outcomes in their favor.
Code snippet
transfer_from_vault_to_owner(
woopool_to,
token_vault_to,
token_to_account,
&ctx.accounts.token_program,
to_amount as u64,
)?;
Recommendation
Implement a check to ensure that the to_amount does not exceed the maximum value of u64 before the conversion.
Add explicit error handling for cases where the amount exceeds u64 capacity.
Example implementation:
if to_amount > u64::MAX as u128 {
return Err(ErrorCode::AmountExceedsU64Max.into());
}
transfer_from_vault_to_owner(
woopool_to,
token_vault_to,
token_to_account,
&ctx.accounts.token_program,
to_amount as u64,
)?;
Little Aquamarine Jellyfish
High
Potential Loss of Precision in Swap Amount Conversion
Summary
The swap function in
swap.rs
converts theto_amount
from u128 to u64, which could lead to a loss of precision or overflow for large swap amounts.Relevant links
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L96-L226
Description
In the swap function, the
to_amount
is calculated as a u128 value but is then cast to u64 when passing it to thetransfer_from_vault_to_owner
function. This conversion could potentially truncate the value if it exceeds the maximum value of u64(18,446,744,073,709,551,615)
.Impact
This issue could lead to several problems:
For very large swap amounts, the truncation could result in a significant loss of funds for the user.
It may cause unexpected behavior in the protocol, as the actual transferred amount might be less than what was calculated and expected.
It could potentially be exploited by malicious actors to manipulate swap outcomes in their favor.
Code snippet
Recommendation
Implement a check to ensure that the
to_amount
does not exceed the maximum value of u64 before the conversion.Add explicit error handling for cases where the amount exceeds u64 capacity. Example implementation: