In the function _getWeights in AntimomentumUpdateRule.sol and DifferenceMomentumUpdateRule.sol, there are comments indicating downcasting should happen at the end:
However, the actual code never performs a downcast to uint64. Instead, the final results (res) are assigned to an int256 array:
Comment Mismatch: The documentation says one thing while the code does another, causing confusion for anyone maintaining or auditing this logic.
Potential Overflow Concerns: If the developer’s intention was to mitigate overflow by using uint64, storing in an int256 array might undermine that objective (though in Solidity 0.8.x, overflow checks are built-in for additions/multiplications).
Low Severity: This is not an immediate security flaw, but can lead to misunderstandings about the data type or the intended numeric range of weights.
Manual Audit
If downcasting is truly desired (to limit the weight’s range), implement the actual cast, for example:
require(res >= 0 && res <= int256(uint256(type(uint64).max)), "weight out of uint64 range"); // explicit conversions do not revert on truncation, so check the range first
uint64 finalWeight = uint64(uint256(res)); // Solidity requires the two-step int256 -> uint256 -> uint64 cast; store finalWeight somewhere
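As an added illustration (not code from the audited contracts), the following contrasts a plain downcast with a checked one: Solidity 0.8's overflow checks cover arithmetic but not explicit conversions, so `uint64(uint256(res))` silently truncates and maps negative values to large positives. `finalizeWeights` is a hypothetical stand-in for the last step of `_getWeights`, and the `int256[]` input shape is assumed from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example, not the project's code: checked vs unchecked int256 -> uint64.
library WeightCast {
    error WeightOutOfRange(int256 value);

    /// Explicit two-step conversion. Arithmetic overflow checks in 0.8 do not
    /// apply here: high bits are dropped and negatives wrap, e.g. -1 becomes
    /// type(uint64).max and 2**64 becomes 0.
    function unchecked64(int256 res) internal pure returns (uint64) {
        return uint64(uint256(res));
    }

    /// Checked conversion: reverts unless 0 <= res <= type(uint64).max, so a
    /// weight outside the documented range cannot be stored silently corrupted.
    function checked64(int256 res) internal pure returns (uint64) {
        if (res < 0 || res > int256(uint256(type(uint64).max))) {
            revert WeightOutOfRange(res);
        }
        return uint64(uint256(res));
    }
}

contract WeightsExample {
    using WeightCast for int256;

    /// Hypothetical stand-in for the final step of `_getWeights`: the int256
    /// intermediate results are downcast to uint64, as the comments describe,
    /// instead of being returned in an int256 array.
    function finalizeWeights(int256[] memory res) public pure returns (uint64[] memory out) {
        out = new uint64[](res.length);
        for (uint256 i = 0; i < res.length; i++) {
            out[i] = res[i].checked64();
        }
    }
}
```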
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc.) to prove your point.