32 matches found
functions in FixedMath.sol directly converting uint256 arguments to int256 which may overflow
Lines of code Vulnerability details Impact functions in FixedMath.sol directly converting uint256 arguments to int256 which may overflow or return unexpected values Proof of Concept functions in FixedMath.sol like uintDiv , uintMul , toFixed directly converting its arguments from uint256 to int25...
Unsafe typecasting can lead to tokens being locked in the contract
Lines of code Vulnerability details Impact In the createLock function the amount is calculated by casting the uint256 value to int128 in an unsafe way. Specifically the locked.amount is calculated as: locked.amount += int128(int256(value)); could result in a negative value for locked.amount. For...
Collateralization ratio manipulation can cause a denial of service
Lines of code Vulnerability details Impact Stablecoin redeeming and profit accruing in the SavingsVest contract can be blocked when the collateralization ratio has overflown. Proof of Concept The mitigation recommended in 31 and implemented by the sponsor in this commit doesn't resolve the root...
M-02 Unmitigated
Lines of code Vulnerability details Original Issue code-423n4/2023-06-angle-findings31 Details It shows LibGetters.getCollateralRatio might return the incorrect ratio due to the unsafe cast. Mitigation PR: AngleProtocol/angle-transmuter@6f2ffcb During the mitigation, it uses the safeCast library...
Unsafe cast in getCollateralRatio()
Lines of code Vulnerability details Impact LibGetters.getCollateralRatio might return the incorrect ratio due to the unsafe cast. Proof of Concept getCollateralRatio outputs the collateral ratio using the total collaterals and issued agTokens. // The stablecoinsIssued value need to be rounded up...
Unsafe cast in swap and uniswapV3SwapCallback functions can lead to attack
Lines of code Vulnerability details Impact The swap and uniswapV3SwapCallback functions perform an unsafe cast of a uint256 type to a signed integer. amountReceived = uint256-projectTokenIsZero ? amount0 : amount1; Note that amount is chosen by the caller and when choosing amount = 2^256 - 1, thi...
Overflow in _swap() changes the behavior of pool.swap()
Lines of code Vulnerability details Impact In swap, amountSpecified is set to int256(data.amount.value). But data.amount.value is a uint256. If data.amount.value is bigger than type(int256).max, amountSpecified becomes a negative value due to overflow. And a negative amountSpecified means a complete...
Integer Overflow in ScreeningVote Function of StandardFunding.sol.
Lines of code Vulnerability details Impact In the screeningVote function of StandardFunding.sol contract, specifically in the line where the votes parameter is converted to a uint128 using the SafeCast.toUint128 function. The issue is that the votes parameter is not limited to 128 bits, which can...
Upgraded Q -> 3 from #853 [1683219256548]
Judge has assessed an item in Issue 853 as 3 risk. The relevant finding follows: LC-02 USE THE SAFECAST LIBRARY FOR CASTING VALUES TO AVOID OVERFLOW/UNDERFLOW File: virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount); virtualNftReserves -= uint128(weightSum); --- The...
Upgraded Q -> 3 from #891 [1683219170863]
Judge has assessed an item in Issue 891 as 3 risk. The relevant finding follows: L-1: Unsafe casting may overflow Context: virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount); L230 virtualNftReserves -= uint128(weightSum); L231 virtualBaseTokenReserves -=...
Upgraded Q -> 3 from #421 [1683219158450]
Judge has assessed an item in Issue 421 as 3 risk. The relevant finding follows: 1. Unchecked Cast May Overflow As of Solidity 0.8 overflows are handled automatically; however, not for casting. For example uint32(4294967300) will result in 4 without reversion. Consider using OpenZeppelin's SafeCast...
Upgraded Q -> 3 from #306 [1683219251927]
Judge has assessed an item in Issue 306 as 3 risk. The relevant finding follows: L-01 Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from uint256 In the function buy and sell of the contract PrivatePool.sol the function first set the variables...
Upgraded Q -> 3 from #826 [1683219178977]
Judge has assessed an item in Issue 826 as 3 risk. The relevant finding follows: 12. Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from uint256. PrivatePool.solL2 File: src/PrivatePool.sol 231: virtualNftReserves -= uint128(weightSum);...
Upgraded Q -> 3 from #316 [1683219136420]
Judge has assessed an item in Issue 316 as 3 risk. The relevant finding follows: L-04 USE THE OPENZEPPELIN SAFECAST LIBRARY FOR CRITICAL FUNCTIONS 2
Upgraded Q -> 3 from #13 [1683219131959]
Judge has assessed an item in Issue 13 as 3 risk. The relevant finding follows: L-6 Consider using OpenZeppelin’s SafeCast library to prevent unexpected errors 3
Upgraded Q -> 3 from #549 [1683219263333]
Judge has assessed an item in Issue 549 as 3 risk. The relevant finding follows: L-02 Unsafe casting of uints Downcasting from uint256 in Solidity does not revert on overflow. This can easily result in undesired exploitation or bugs, since developers usually assume that overflows raise errors...
Upgraded Q -> 3 from #222 [1683017474019]
Judge has assessed an item in Issue 222 as 3 risk. The relevant finding follows: L-02 Downcasting uint or int may result in overflow Consider using OpenZeppelin's SafeCast library to prevent unexpected overflows. Instances: 2 File: src/PrivatePool.sol 231: virtualNftReserves -= uint128(weightSum);...
Unsafe cast
Lines of code Vulnerability details Impact In AccountCodeStorage.sol we have the functions getCodeHash and getCodeSize. Due to an insecure cast, it is possible to get an integer overflow. Solidity version 0.8.0 provides SafeMath, but casting operations are not safe and can overflow. Proof of Concept As...
Unsafe downcasting operations truncate numberOfTickets input
Lines of code Vulnerability details Impact Unsafe downcasting operations truncate the numberOfTickets input. Players and Referrers may lose their earnings because of the wrong downcasting. Proof of Concept There are a few unsafe downcasting operations that truncate the numberOfTickets input. The impact can be...
Unsafe typecasting
Lines of code Vulnerability details Impact In the RToken.issueTo function unsafe typecasting of uint256 to int256 is performed while invoking the Throttle.useAvailable function. function issueToaddress recipient, uint256 amount public notPausedOrFrozen exchangeRateIsValidAfter requireamount 0,...