DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: low
Invalid

Unsafe casting

Summary

Parts of the code perform unsafe downcasting of values.

Vulnerability Details

The project makes use of different uint types, and there are several instances where a direct cast is made that may not be safe. See the example below.

LibOrders.sol lines 24-32

    // @dev in seconds
    function getOffsetTime() internal view returns (uint32 timeInSeconds) {
        // shouldn't overflow in 136 years
        return uint32(block.timestamp - Constants.STARTING_TIME); // @dev(safe-cast)
    }
    // @dev in hours
    function getOffsetTimeHours() internal view returns (uint24 timeInHours) {
        return uint24(getOffsetTime() / 1 hours);
    }

In the above example, we can see that the uint32 value returned by getOffsetTime(), divided by the small value 1 hours, is cast to a uint24 value, which is not safe.

Impact

Unsafe downcasting can lead to errors due to truncation of results, which distorts the values in the protocol.

Tools Used

Manual Analysis

Recommendations

It is recommended to review all the casting instances in the project and to make use of SafeCast libraries and/or SafeCast functions so that there are reverts in the case of underflows or overflows.
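One way to apply this recommendation to the two quoted functions, as an added example that is not DittoETH's code or part of the submission: each cast goes through a checked helper that reverts, and the comment on the hours conversion works out the largest value that cast can receive. CheckedCast, OffsetTimeExample, maxHoursFitsUint24 and the STARTING_TIME value are hypothetical names and a constructed value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not project code. Checked downcasts that revert instead of truncating.
library CheckedCast {
    error CastOverflow(uint8 bits, uint256 value);

    function toUint32(uint256 v) internal pure returns (uint32) {
        if (v > type(uint32).max) revert CastOverflow(32, v);
        return uint32(v);
    }

    function toUint24(uint256 v) internal pure returns (uint24) {
        if (v > type(uint24).max) revert CastOverflow(24, v);
        return uint24(v);
    }
}

contract OffsetTimeExample {
    // Constructed placeholder: the real Constants.STARTING_TIME is not shown on the page.
    uint256 internal constant STARTING_TIME = 1_660_000_000;

    // Reverts once the offset exceeds type(uint32).max seconds instead of wrapping.
    // The subtraction itself is already checked by Solidity 0.8 arithmetic.
    function getOffsetTime() public view returns (uint32 timeInSeconds) {
        return CheckedCast.toUint32(block.timestamp - STARTING_TIME);
    }

    // The input here is bounded by the uint32 return type above:
    //   type(uint32).max / 1 hours = 4_294_967_295 / 3_600 = 1_193_046
    //   type(uint24).max           = 16_777_215
    // so the quotient always fits in uint24 and this check can never fire.
    function getOffsetTimeHours() public view returns (uint24 timeInHours) {
        return CheckedCast.toUint24(getOffsetTime() / 1 hours);
    }

    // Pure helper that evaluates the bound stated in the comment above.
    function maxHoursFitsUint24() public pure returns (bool) {
        return uint256(type(uint32).max) / 1 hours <= type(uint24).max;
    }
}
```

The same range arithmetic applies when reviewing any other downcast: compare the largest value the source expression can produce with the maximum of the target type.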

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
