The 'staleCheckLatestRoundData' function returns a signed integer which is force-cast to an unsigned integer without checking that its value is positive. A negative value does not revert on the cast; it wraps around to a very large unsigned number, and this overflow may induce unexpected behaviour in both getUsdValue and getTokenAmountFromUsd.
See: https://docs.soliditylang.org/en/latest/types.html#explicit-conversions
In the case of getUsdValue:
- the collateral value of a user would be inaccurate -> the account information would be inaccurate -> error in calculating the health factor, which may force a user to be liquidated;
In the case of getTokenAmountFromUsd:
- the amount of redeemed collateral would be inaccurate -> the user loses more money than expected.
Manual code review.
Solidity docs.
Verify that values are non-negative before casting them to unsigned integers.
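To make the finding concrete, here is an added illustration (not the audited project's code) of the unchecked cast beside a guarded version. The contract, function and parameter names are hypothetical; only the int-to-uint conversion behaviour and the shape of the "token amount from USD" division are what the finding describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added example, not the project's code. `answer` stands for the signed price
/// returned by the oracle call; the 1e18 scaling is an assumption for illustration.
contract SignedPriceCast {
    error InvalidPrice(int256 answer);

    /// Unchecked conversion. Solidity's explicit int256 -> uint256 cast is not
    /// checked arithmetic: it reinterprets the two's-complement bits and never
    /// reverts, so answer = -1 yields type(uint256).max.
    function castUnchecked(int256 answer) public pure returns (uint256) {
        return uint256(answer);
    }

    /// Hypothetical "token amount from USD" path. With a wrapped-around price in the
    /// denominator the division quietly returns 0 instead of reverting, so the caller
    /// gets a wrong collateral amount without any error being raised.
    function tokenAmountUnchecked(uint256 usdAmountWad, int256 answer) public pure returns (uint256) {
        return (usdAmountWad * 1e18) / uint256(answer);
    }

    /// Guarded conversion: reject zero and negative answers before the cast,
    /// which is the recommendation above.
    function castChecked(int256 answer) public pure returns (uint256) {
        if (answer <= 0) revert InvalidPrice(answer);
        return uint256(answer);
    }

    /// Same computation, but a bad oracle answer now reverts instead of returning 0.
    function tokenAmountChecked(uint256 usdAmountWad, int256 answer) public pure returns (uint256) {
        return (usdAmountWad * 1e18) / castChecked(answer);
    }
}
```

Calling `tokenAmountUnchecked(100e18, -1)` returns 0, while `tokenAmountChecked(100e18, -1)` reverts with `InvalidPrice(-1)`; for a positive `answer` both functions return the same value. The sign check belongs next to the oracle read so that every consumer of the price, including both functions named in the finding, is covered by one guard.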