DeFiHardhat
12,000 USDC
Submission Details
Severity: low
Invalid

No checks on the length of the `lastReserves` array before casting to `uint8`.

Summary

In the `storeLastReserves()` function, the length of the `lastReserves` array is directly cast to a `uint8` without checking whether the length exceeds the maximum value that a `uint8` can hold (255).

Vulnerability Details

`storeLastReserves()`

Here is the relevant code:

```solidity
function storeLastReserves(bytes32 slot, uint40 lastTimestamp, uint256[] memory lastReserves) internal {
    uint8 n = uint8(lastReserves.length); // @audit Direct cast without validation
    ...
}
```

If the length of `lastReserves` is greater than 255, casting to `uint8` truncates the value instead of reverting, resulting in an incorrect value for `n`.

Impact

This could lead to unexpected behavior when storing and reading the reserves, since Solidity downcasting does not revert on overflow.

Tools Used

Manual Review

Recommendations

A check should be added to ensure lastReserves.length is within the valid range for a uint8.

```solidity
function storeLastReserves(bytes32 slot, uint40 lastTimestamp, uint256[] memory lastReserves) internal {
    require(lastReserves.length <= type(uint8).max, "Length exceeds uint8 range"); // @audit Safe Casting
    uint8 n = uint8(lastReserves.length);
    ...
}
```
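
The cast behaviour described in this submission, as an added example that is not the audited project's code: the contract name, error name and function names are hypothetical, and the loop is an assumed consumer of the truncated count, used only to make the effect observable.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; not the audited project's code. All names are hypothetical.
contract LengthCastDemo {
    error LengthExceedsUint8(uint256 length);

    /// Explicit downcast as quoted in the finding: keeps only the low 8 bits
    /// of the length and never reverts, even under 0.8.x checked arithmetic.
    function uncheckedCount(uint256[] memory values) public pure returns (uint8) {
        return uint8(values.length);
    }

    /// Same cast behind a bounds check, as in the recommendation:
    /// reverts when the length does not fit in a uint8.
    function checkedCount(uint256[] memory values) public pure returns (uint8) {
        if (values.length > type(uint8).max) {
            revert LengthExceedsUint8(values.length);
        }
        return uint8(values.length);
    }

    /// Assumed consumer: counts how many elements a loop bounded by the
    /// truncated length visits for an array of the given length.
    function visitedWithUncheckedCount(uint256 length) external pure returns (uint256 visited) {
        uint256[] memory values = new uint256[](length);
        uint8 n = uncheckedCount(values);
        for (uint8 i = 0; i < n; ++i) {
            visited++;
        }
    }

    /// Same array, but the count goes through the checked cast first.
    function visitedWithCheckedCount(uint256 length) external pure returns (uint256 visited) {
        uint256[] memory values = new uint256[](length);
        uint8 n = checkedCount(values); // reverts for length > 255
        for (uint8 i = 0; i < n; ++i) {
            visited++;
        }
    }
}
```

For lengths 255, 256 and 257, `visitedWithUncheckedCount` returns 255, 0 and 1, while `visitedWithCheckedCount` returns 255 and then reverts with `LengthExceedsUint8` for the other two.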

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Informational/Invalid
