Core Contracts

Summary

The updateInterestRatesAndLiquidity function contains an issue involving the use of .toUint128() when updating reserve.totalLiquidity, which is stored as a uint256. The forced downcasting may result in unintended behavior, particularly when handling large values.

Issue Description

Code Excerpt:

Problem:

1. Potential Overflow/Underflow:

   • liquidityAdded and liquidityTaken are uint256 values, while .toUint128() truncates them to uint128.

   • If liquidityAdded exceeds 2^128 - 1 (the max uint128 value), the downcast will cause an overflow, resulting in incorrect liquidity calculations.

   • Similarly, downcasting liquidityTaken could lead to an underflow if the original uint256 value was larger than uint128.

2. Loss of Precision:

   • When casting from uint256 to uint128, any value exceeding 2^128 - 1 is lost, potentially leading to an inaccurate total liquidity calculation.

   • This can introduce financial discrepancies in the system, affecting interest rate calculations and liquidity reserves.

Security Impact

• High severity: A malicious user (or even legitimate usage with large values) could trigger a miscalculation in the total liquidity, leading to incorrect interest rate updates.

• Potential funds mismanagement: Due to incorrect calculations, the system may allow excessive withdrawals or incorrect borrowing rates.

Recommended Fix

• Ensure that reserve.totalLiquidity remains a uint256 without downcasting.

• Modify the code as follows: