This repository has been archived by the owner on May 5, 2024. It is now read-only.
Milad-Sha - Unsafe downcast #144
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
the
Excluded
|
Near impossible for agent ids to be out of bounds/unsafely downcasted |
rcstanciu
added
the
Has Duplicates
sherlock-admin2
changed the title
sherlock-admin2
added
Non-Reward
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Milad-Sha
medium
Unsafe downcast
Summary
When a type is downcast to a smaller type, the higher order bits are truncated
Vulnerability Detail
When a type is downcast to a smaller type, the higher order bits are truncated, effectively applying a modulo to the original value. Without any other checks, this wrapping will lead to unexpected behavior and bugs.
Solidity does not check if it is safe to cast an integer to a smaller one. Unless some business logic ensures that the downcasting is safe, a library like SafeCast should be used.
Impact
When a type is downcast to a smaller type, the higher order bits are truncated, effectively applying a modulo to the original value. Without any other checks, this wrapping will lead to unexpected behavior and bugs.
Code Snippet
https://github.com/sherlock-audit/2023-10-looksrare/blob/main/contracts-infiltration/contracts/Infiltration.sol?plain=1#L875
https://github.com/sherlock-audit/2023-10-looksrare/blob/main/contracts-infiltration/contracts/Infiltration.sol?plain=1#L879
https://github.com/sherlock-audit/2023-10-looksrare/blob/main/contracts-infiltration/contracts/Infiltration.sol?plain=1#L512
Tool used
Manual Review
Recommendation
You can use the SafeCast library to prevent Unsafe downcast.
The text was updated successfully, but these errors were encountered: