Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Unsafe casting operations in voting power calculations could lead to incorrect power values or system manipulation

nourelden

Vulnerability Details

  1. In veRAACToken.sol voting power is unsafely cast from int128 to uint256:

    uint256 newPower = uint256(uint128(bias));

    This involves two casts:

    • This involves two casts:

    • bias (int128) → uint128

    • uint128 → uint256

    The first cast from int128 to uint128 is unsafe because:

    • If bias is negative, it will result in unexpected behavior

    • Even if bias is positive, if its value is larger than type(uint128).max, it will be truncated

  2. In VotingPowerLib.sol, there are several similar unsafe casts:

return uint256(uint128(adjustedBias));

and

bias = int128(int256(initialPower));
slope = int128(int256(initialPower / duration));

Impact

Unsafe type casting in voting power calculations could lead to:

  • Incorrect voting power assignments

  • Potential system manipulation through overflow/underflow

  • Loss of governance functionality if power calculations fail

  • Possible economic impact if voting power affects reward calculations

Recommendations

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!