DittoETH

Ditto
DeFi / Foundry / Oracle
55,000 USDC
Submission Details
Severity: low
Invalid

Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from various type int/uint values

Summary

Vulnerability Details

Several narrowing casts in the codebase use plain `uintN(x)` conversions, which do not revert when the value does not fit the target type: a `uint256` wider than the target is silently truncated, and a negative `int256` cast to `uint256` wraps around. Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting between the various int/uint types. The affected locations are listed below.

File: contracts/facets/ERC721Facet.sol
//@audit `tokenId` is getting converted from `uint256` to `uint40`
162: LibShortRecord.transferShortRecord(asset, from, to, uint40(tokenId), nft);

File: contracts/facets/MarginCallPrimaryFacet.sol
//@audit `a` is getting converted from `uint256` to `uint88`
284: return a < b ? uint88(a) : b;

File: contracts/facets/MarginCallSecondaryFacet.sol
//@audit `a` is getting converted from `uint256` to `uint88`
192: return a < b ? uint88(a) : b;

File: contracts/facets/OwnerFacet.sol
//@audit `vault` is getting converted from `uint256` to `uint8`
281: s.bridge[bridge].vault = uint8(vault);

File: contracts/facets/YieldFacet.sol
//@audit `dittoReward` is getting converted from `uint256` to `uint80`
142: VaultUser.dittoReward += uint80(dittoReward);
//@audit `protocolTime` is getting converted from `uint256` to `uint16`
170: Vault.dittoMatchedTime = uint16(protocolTime); // @dev(safe-cast)
//@audit `userReward` is getting converted from `uint256` to `uint80`
178: VaultUser.dittoReward += uint80(userReward);

File: contracts/libraries/LibOracle.sol
//@audit `price` and `basePrice` are both converted from `int256` to `uint256`
56: uint256 priceInEth = uint256(price).div(uint256(basePrice));
//@audit `oraclePrice` is getting converted from `uint256` to `uint80`
136: s.bids[asset][Constants.HEAD].ercAmount = uint80(oraclePrice);

Impact

Possible overflows: an unchecked narrowing cast does not revert, so a value that exceeds the target width is silently truncated, and a negative `int256` cast to `uint256` wraps to a very large positive number. Incorrect amounts, ids or prices can therefore be stored without any error.

Tools Used

Manual

Recommendations

Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from various type int/uint values
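As an added illustration (not DittoETH code), the two cast patterns from the listing above in unchecked and SafeCast-checked form, with a helper that returns the values the unchecked casts actually produce. The import path is OpenZeppelin’s standard one; the contract name and function names are made up for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";

/// @dev Illustrative contract, not part of DittoETH. Shows the two failure
///      modes behind the finding: silent truncation on uint256 -> uintN and
///      wrap-around on int256 -> uint256, next to the SafeCast equivalents.
contract CastExample {
    using SafeCast for uint256;
    using SafeCast for int256;

    // Unchecked, as in `uint40(tokenId)`: keeps only the low 40 bits.
    function unsafeToUint40(uint256 tokenId) external pure returns (uint40) {
        return uint40(tokenId);
    }

    // Checked: reverts if tokenId >= 2**40 instead of truncating.
    function safeToUint40(uint256 tokenId) external pure returns (uint40) {
        return tokenId.toUint40();
    }

    // Unchecked, as in `uint256(price)`: a negative oracle answer becomes
    // 2**256 + price, an enormous positive value.
    function unsafeToUint256(int256 price) external pure returns (uint256) {
        return uint256(price);
    }

    // Checked: reverts for negative input instead of wrapping.
    function safeToUint256(int256 price) external pure returns (uint256) {
        return price.toUint256();
    }

    // Concrete values showing what the unchecked casts produce.
    // (Literals are assigned to variables first: Solidity rejects an explicit
    // conversion of a literal that does not fit the target type.)
    function truncationDemo() external pure returns (uint40 truncated, uint256 wrapped) {
        uint256 big = (1 << 40) + 5; // does not fit in 40 bits
        truncated = uint40(big);      // 5: only the low 40 bits survive
        int256 neg = -1;
        wrapped = uint256(neg);       // type(uint256).max
    }
}
```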

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Vague generalities