Lines of code
<https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/libs/FixedMath.sol#L46>
<https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/libs/FixedMath.sol#L22>
Functions in FixedMath.sol directly convert uint256 arguments to int256, which may overflow or return unexpected values
Functions in FixedMath.sol such as uintDiv(), uintMul() and toFixed() convert their arguments directly from uint256 to int256 without checking that the uint256 value n < max(int256). As max(uint256) is 2^256-1 and max(int256) is 2^255-1, it is necessary to check for the above limits to avoid overflow or unexpected values.
This is also mentioned in the OZ docs (ref: link):
toInt256(uint256 value) → int256
internal
Converts an unsigned uint256 into a signed int256.
Requirements:
input must be less than or equal to maxInt256.
Available since v3.0.
Manual Review
Under/Overflow
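The unchecked conversion described above next to a bounds-checked one, as an added example that is not code from FixedMath.sol or from this report. `CastDemo`, `rawCast`, `checkedCast` and the harness contract are hypothetical names, and a Solidity 0.8.x compiler is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration, not code from FixedMath.sol. All names are hypothetical.
library CastDemo {
    error ValueDoesNotFitInt256(uint256 value);

    // Explicit uint256 -> int256 conversion: Solidity 0.8 does not range-check
    // it. The 256 bits are reinterpreted as two's complement, so any input
    // from 2**255 upward comes back as a negative number and nothing reverts.
    function rawCast(uint256 u) internal pure returns (int256) {
        return int256(u);
    }

    // Same rule as the OpenZeppelin SafeCast.toInt256 requirement quoted
    // above: reject any input greater than type(int256).max.
    function checkedCast(uint256 u) internal pure returns (int256) {
        if (u > uint256(type(int256).max)) revert ValueDoesNotFitInt256(u);
        return int256(u);
    }
}

// Harness for Remix or a unit test.
contract CastDemoHarness {
    uint256 private constant INT_MAX = uint256(type(int256).max); // 2**255 - 1

    // Raw casts at the three interesting inputs: the largest value that fits,
    // the first value that does not, and type(uint256).max.
    function rawAtBoundaries()
        external pure returns (int256 fits, int256 firstWrapped, int256 lastWrapped)
    {
        fits = CastDemo.rawCast(INT_MAX);
        firstWrapped = CastDemo.rawCast(INT_MAX + 1);
        lastWrapped = CastDemo.rawCast(type(uint256).max);
    }

    // Reverts with ValueDoesNotFitInt256 for every u > 2**255 - 1.
    function checked(uint256 u) external pure returns (int256) {
        return CastDemo.checkedCast(u);
    }
}
```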