Skip to content
This repository has been archived by the owner on Dec 31, 2023. It is now read-only.

Latest commit

 

History

History
28 lines (23 loc) · 1 KB

197.md

File metadata and controls

28 lines (23 loc) · 1 KB
Raw

shealtielanz

high

Unsafe Down Cast of token Index

Summary

when casting to a lower unit, from a higher one it would lead to a silent overflow.

Vulnerability Detail

In the setNewToken() function, the tokenIndex variable is initialized via uint256.

        uint256 tokenIndex;

and after being calculated, it is downcated to uint8.

 state.tokenMMInfoMap[token].tokenIndex = uint8(tokenIndex);

where the value of the tokenIndex calculated is greater than uint8 it will lead to an overflow.

Impact

When an Overflow happens to the value stored, the state.tokenMMInfoMap[token].tokenIndex will be wrong leading to wrong calculations in the future, when getting the token price or amounts, also will lead to accounting issues in D3Maker.sol.

Code Snippet

Tool used

Manual Review

Recommendation

Use safeCast Library to do casting to prevent overflow.