Description:
If an overflow occurs during the casting operation, the computed value of the vault's total credit delegation weight may be significantly incorrect. This miscalculation can propagate through the system, leading to erroneous updates in the recalculateVaultsCreditCapacity function (see here), which is responsible for recalculating the latest credit capacity of the specified vaults based on their asset and debt values. As a result, branches such as CreditDelegationBranch, FeeDistributionBranch, MarketMakingEngineConfigurationBranch, and VaultRouterBranch may also be adversely affected.
Note: The LightChaserV3_CodeHawks_Zaros_2.md report did not mention this specific unsafe casting issue. However, if an overflow occurs, it could have a significant impact on the accuracy of weight calculations.
Impact:
If totalAssets() exceeds the maximum value of a uint128, the cast will truncate the value, leading to incorrect weight calculations that affect the entire credit capacity recalculation process.
Example problematic code:
For more information, see the code here.
Recommendation (Mitigation Steps):
Implement a safe casting mechanism that checks for overflow conditions to ensure the computed weight value is correct. Using OpenZeppelin's SafeCast library is recommended for this type of operation. This will prevent the truncation of values when totalAssets() exceeds the limits of a uint128.
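The difference between the two casts, as an added example that is not code from the Zaros repository or from the original submission. IVaultLike, MockVault, WeightCastDemo and their function names are hypothetical; only totalAssets(), the uint128 target type and OpenZeppelin's SafeCast come from the finding above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";

/// Hypothetical stand-in for a vault whose totalAssets() returns a uint256.
interface IVaultLike {
    function totalAssets() external view returns (uint256);
}

/// Constructed mock so the out-of-range case can be reproduced in a test.
contract MockVault is IVaultLike {
    uint256 private _assets;

    function setTotalAssets(uint256 amount) external {
        _assets = amount;
    }

    function totalAssets() external view override returns (uint256) {
        return _assets;
    }
}

/// Hypothetical weight computation showing both casts side by side.
contract WeightCastDemo {
    using SafeCast for uint256;

    /// Explicit downcast. Solidity 0.8 overflow checks cover arithmetic,
    /// not explicit type conversions, so the upper 128 bits are dropped
    /// without a revert and the returned weight is wrong.
    function unsafeWeight(IVaultLike vault) external view returns (uint128) {
        return uint128(vault.totalAssets());
    }

    /// Checked downcast. SafeCast.toUint128 reverts when the value is
    /// greater than type(uint128).max, so a bad weight is never stored.
    function safeWeight(IVaultLike vault) external view returns (uint128) {
        return vault.totalAssets().toUint128();
    }
}
```

With the mock set to 2**128 + 5, unsafeWeight returns 5 while safeWeight reverts, so the whole transaction fails instead of recording a truncated weight.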