Summary

The ConvertFacet contract contains a potential integer overflow vulnerability in the _depositTokensForConvert function.

Vulnerability Details

The overflow happens when an arithmetic operation reaches the maximum size of a type. In the _depositTokensForConvert function, the grownStalk variable, which represents the amount of grown stalk retained to issue to the new deposit, is added to the active stalk minted to the user. However, there is no validation or check to ensure that the addition of grownStalk to the active stalk does not result in an integer overflow.

Impact

If the addition of grownStalk to the active stalk exceeds the maximum representable value for the data type used to store stalk amounts, an integer overflow will occur. This could potentially result in incorrect calculations, unexpected behavior, or even exploitation by attackers.

Tools Used

Manual

Recommendations

1. Use SafeMath: Implement SafeMath or similar safe arithmetic libraries to perform arithmetic operations on stalk amounts to prevent integer overflow vulnerabilities.

2. Validate Inputs: Ensure that inputs, such as grownStalk, are properly validated and constrained to prevent values that could lead to integer overflow.