Platform: Code4rena
Start Date: 07/04/2023
Pot Size: $47,000 USDC
Total HM: 20
Participants: 120
Period: 6 days
Judge: GalloDaSballo
Total Solo HM: 4
Id: 230
League: ETH
Rank: 93/120
Findings: 1
Award: $23.08
π Selected for report: 0
π Solo Findings: 0
π Selected for report: sashik_eth
Also found by: 0x4non, 0x6980, 0xAgro, Cryptor, Kaysoft, Kenshin, Madalad, SaeedAlipoor01988, Sathish9098, W0RR1O, adriro, ayden, btk, catellatech, codeslide, devscrooge, georgits, giovannidisiena, lukris02, matrix_0wl, sayan, tnevler, tsvetanovv
23.0813 USDC - $23.08
Judge has assessed an item in Issue #549 as 3 risk. The relevant finding follows:
[L-02] Unsafe casting of uints Downcasting from uint256 in Solidity does not revert on overflow. This can easily result in undesired exploitation or bugs, since developers usually assume that overflows raise errors. OpenZeppelin's SafeCast restores this intuition by reverting the transaction when such an operation overflows. Using this library instead of the unchecked operations eliminates an entire class of bugs, so itβs recommended to use it always.
For example:
// Before virtualNftReserves -= uint128(weightSum); // After virtualNftReserves -= toUint128(weightSum); File: src/PrivatePool.sol
230: virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount); 231: virtualNftReserves -= uint128(weightSum);
323: virtualBaseTokenReserves -= uint128(netOutputAmount + protocolFeeAmount + feeAmount); 324: virtualNftReserves += uint128(weightSum);
#0 - c4-judge
2023-05-04T16:55:29Z
GalloDaSballo marked the issue as duplicate of #167
#1 - c4-judge
2023-05-04T16:56:27Z
GalloDaSballo marked the issue as satisfactory