Integer Overflow in `queuedRESDLSupplyChange`in `SDLPoolSecondary.sol` Due to Unsafe Type Casting
Summary
The SDLPoolSecondary.sol contract contains a potential vulnerability due to unsafe casting from uint256 to int256 in the _queueNewLock function. This occurs when summing lock.amount and lock.boostAmount and casting the result to int256 before adding it to SDLPoolSecondary.sol ::queuedRESDLSupplyChange. If the sum exceeds 2**255, it could cause an integer overflow, leading to an incorrect value being stored in queuedRESDLSupplyChange.
Vulnerability Details
The contract assumes that the sum of lock.amount and lock.boostAmount will always be within the range that an int256 can safely represent. However, if this sum exceeds 2**255 - 1, the casting operation will cause an integer overflow, leading to an incorrect value being stored in queuedRESDLSupplyChange.
Impact
If an overflow occurs, it could result in incorrect accounting of the total supply change of the staking derivative token reSDL, which in turn could affect the integrity of the staking mechanism and potentially lead to loss of funds or incorrect reward calculations.
Tools Used
Manual Review
Recommendations
use openzepplin safeCasting.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.