HonorLt
medium
The codebase contains several potential unsafe type casting that under certain conditions might brick the system.
There are some places in the code where it is assumed that the value will always fit into a narrow type so explicit casting is used, e.g.:
function _processQuoteMint(uint256 quoteAmount) private returns (uint256) {
uint256 normalizedAmount = quoteAmount.fromDecimalToDecimal(
ERC20(quoteToken).decimals(),
18
);
_checkNegativePnl(normalizedAmount);
quoteMinted += int256(normalizedAmount); function getUnrealizedPnl() public view returns (int256) {
return int256(redeemableUnderManagement) - int256(getPositionValue());
} function _rebalanceNegativePnlWithSwap(
uint256 amount,
uint256 amountOutMinimum,
uint160 sqrtPriceLimitX96,
uint24 swapPoolFee,
address account
) private returns (uint256, uint256) {
...
int256 shortFall = int256(
quoteAmount.fromDecimalToDecimal(18, ERC20(quoteToken).decimals())
) - int256(quoteAmountOut);
... function getUnrealizedPnl() public view returns (int256) {
return int256(getDepositoryAssets()) - int256(netAssetDeposits);
}While realistically it is not likely to deal with very large values, with smart contracts it is never a good practice to assume something, better always check and take extra precautions.
If the actual value does not fit in the new type, it will be truncated and will lead to the messed up accounting of the protocol. The likelihood is very low but the impact would be critical thus I think this issue deserves to be of Medium severity.
Manual Review
Use the Safe casting library from OZ when changing types.