This repository has been archived by the owner on May 5, 2024. It is now read-only.
Milad-Sha - Unsafe downcast #144
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
Milad-Sha
medium
Unsafe downcast
Summary
When a type is downcast to a smaller type, the higher order bits are truncated
Vulnerability Detail
When a type is downcast to a smaller type, the higher order bits are truncated, effectively applying a modulo to the original value. Without any other checks, this wrapping will lead to unexpected behavior and bugs.
Solidity does not check if it is safe to cast an integer to a smaller one. Unless some business logic ensures that the downcasting is safe, a library like SafeCast should be used.
Impact
When a type is downcast to a smaller type, the higher order bits are truncated, effectively applying a modulo to the original value. Without any other checks, this wrapping will lead to unexpected behavior and bugs.
Code Snippet
https://github.com/sherlock-audit/2023-10-looksrare/blob/main/contracts-infiltration/contracts/Infiltration.sol?plain=1#L875
https://github.com/sherlock-audit/2023-10-looksrare/blob/main/contracts-infiltration/contracts/Infiltration.sol?plain=1#L879
https://github.com/sherlock-audit/2023-10-looksrare/blob/main/contracts-infiltration/contracts/Infiltration.sol?plain=1#L512
Tool used
Manual Review
Recommendation
You can use the SafeCast library to prevent Unsafe downcast.
The text was updated successfully, but these errors were encountered: