Platform: Code4rena
Start Date: 07/04/2023
Pot Size: $47,000 USDC
Total HM: 20
Participants: 120
Period: 6 days
Judge: GalloDaSballo
Total Solo HM: 4
Id: 230
League: ETH
Rank: 119/120
Findings: 1
Award: $5.77
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: sashik_eth
Also found by: 0x4non, 0x6980, 0xAgro, Cryptor, Kaysoft, Kenshin, Madalad, SaeedAlipoor01988, Sathish9098, W0RR1O, adriro, ayden, btk, catellatech, codeslide, devscrooge, georgits, giovannidisiena, lukris02, matrix_0wl, sayan, tnevler, tsvetanovv
5.7703 USDC - $5.77
https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L230-L231
Unsafe downcasting operation will cause truncation
File: src/PrivatePool.sol
230: virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount);
231: virtualNftReserves -= uint128(weightSum);
Manual Review
It is recommended to handle downcasting and use a safe casting library to make sure the downcast does not unexpectedly truncate the value.
https://docs.openzeppelin.com/contracts/3.x/api/utils#SafeCast
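The recommendation above, as an added Solidity example (not part of the submission or of Caviar's code): the same two reserve updates written once with the plain `uint128(...)` cast, which keeps only the low 128 bits without reverting, and once with a checked narrowing helper that reverts instead. The contract name, the helper, the custom error and the `uint256` parameter types are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration. State variable names mirror the two flagged lines;
/// everything else (contract, helper, error, parameter types) is assumed.
contract ReserveCastDemo {
    uint128 public virtualBaseTokenReserves;
    uint128 public virtualNftReserves;

    error Uint128Overflow(uint256 value);

    /// Checked narrowing: revert when the value does not fit in 128 bits,
    /// instead of silently discarding the high bits.
    function toUint128(uint256 value) internal pure returns (uint128) {
        if (value > type(uint128).max) revert Uint128Overflow(value);
        return uint128(value);
    }

    /// Same shape as lines 230-231. Solidity 0.8.x checks the `+=` and `-=`
    /// arithmetic, but an explicit cast to a narrower type is NOT checked:
    /// a value above type(uint128).max is truncated before it is added.
    function updateUnchecked(
        uint256 netInputAmount,
        uint256 feeAmount,
        uint256 protocolFeeAmount,
        uint256 weightSum
    ) external {
        virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount);
        virtualNftReserves -= uint128(weightSum);
    }

    /// Hardened form: an out-of-range amount reverts the whole call, so the
    /// stored reserves can never diverge from the amounts actually computed.
    function updateChecked(
        uint256 netInputAmount,
        uint256 feeAmount,
        uint256 protocolFeeAmount,
        uint256 weightSum
    ) external {
        virtualBaseTokenReserves += toUint128(netInputAmount - feeAmount - protocolFeeAmount);
        virtualNftReserves -= toUint128(weightSum);
    }
}
```

OpenZeppelin's `SafeCast.toUint128` performs the same range check as the `toUint128` helper here and can replace it.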
#0 - c4-pre-sort
2023-04-20T18:04:53Z
0xSorryNotSorry marked the issue as duplicate of #625
#1 - c4-judge
2023-04-27T08:54:17Z
GalloDaSballo marked the issue as duplicate of #167
#2 - c4-judge
2023-05-02T07:55:16Z
GalloDaSballo changed the severity to 3 (High Risk)
#3 - c4-judge
2023-05-02T07:56:14Z
GalloDaSballo marked the issue as partial-25
#4 - GalloDaSballo
2023-05-02T07:56:23Z
Incorrect conclusion and poor description 25%