The uint256AsciiNbcharsToString function in the Cairo compatibility library performs unsafe downcasting from uint256 to uint8 without proper validation. This can lead to data truncation and unintended behavior, potentially causing incorrect string conversions.
Location: uint256AsciiNbcharsToString function, line 452.
Code Snippet:
byteString[i] = bytes1(uint8(asciiValue));
The function extracts ASCII values from a uint256 and downcasts them to uint8. If asciiValue exceeds the range of uint8 (0-255), it will be truncated, leading to data loss.
Detail test:
Characters in the resulting string may be incorrect if the asciiValue exceeds 255, leading to loss of significant bits.
The function may produce strings with unintended characters, potentially affecting the integrity of data and causing unexpected behavior in applications relying on this conversion.
Manual review
Implement OpenZeppelin's SafeCast library to ensure safe downcasting.
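The truncating cast from the snippet next to a SafeCast-checked version, as an added example that is not the audited library's code. The contract name, function names and the 16-bit-per-slot packing in toStringChecked are assumptions made for illustration; only the cast expression and SafeCast.toUint8 come from the finding and from OpenZeppelin.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";

/// Added illustration; not the audited library's code.
contract DowncastDemo {
    /// Explicit narrowing cast, as in the reported line. Solidity 0.8 checks
    /// arithmetic overflow but NOT explicit conversions: only the low 8 bits
    /// survive and nothing reverts. truncatingByte(0x141) returns 0x41 ("A").
    function truncatingByte(uint256 asciiValue) public pure returns (bytes1) {
        return bytes1(uint8(asciiValue));
    }

    /// Checked form: SafeCast.toUint8 reverts when asciiValue > type(uint8).max,
    /// so an out-of-range value can never become a wrong character.
    function checkedByte(uint256 asciiValue) public pure returns (bytes1) {
        return bytes1(SafeCast.toUint8(asciiValue));
    }

    /// Hypothetical conversion loop. Assumed layout: `packed` holds `length`
    /// values, one per 16-bit slot, most significant slot first. The real
    /// function's layout is not shown in the finding.
    function toStringChecked(uint256 packed, uint256 length)
        external
        pure
        returns (string memory)
    {
        require(length <= 16, "too many slots"); // 16 slots * 16 bits = 256 bits
        bytes memory byteString = new bytes(length);
        for (uint256 i = 0; i < length; i++) {
            uint256 asciiValue = (packed >> (16 * (length - 1 - i))) & 0xFFFF;
            // Reverts the whole conversion if any slot exceeds 255.
            byteString[i] = checkedByte(asciiValue);
        }
        return string(byteString);
    }
}
```

With the checked form, a malformed input fails the call instead of producing a plausible-looking but wrong string.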