29484 - [SC - Insight] Potential Loss of Precision in Conversion from ...

Submitted on Mar 20th 2024 at 23:27:54 UTC by @Flare for Boost | Immunefi Arbitration

Report ID: #29484

Report type: Smart Contract

Report severity: Insight

Target: https://github.com/immunefi-team/vaults/blob/main/src/WithdrawalSystem.sol

Impacts:

Precision

Description

Brief/Intro

The setUp function in the WithdrawalSystem contract involves converting a uint256 value to a uint32 for setting the cooldown period for withdrawals. This conversion may lead to a loss of precision and unexpected behavior if the original value exceeds the range representable by a uint32

Vulnerability Details

https://github.com/immunefi-team/vaults/blob/main/src/WithdrawalSystem.sol?utm_source=immunefi#L28C5-L44C6

The setUp function in the withdrawlSystem contract accepts parameters, including _txCooldown, which represents the cooldown period for withdrawals. Within the function, the _txCooldown value is cast from uint256 to uint32 before being passed to the _setTxCooldown function. This type conversion can potentially lead to issues due to loss of precision if the original value is larger than what can be represented by a uint32

Impact Details

the impact of the potential loss of precision in the conversion from uint256 to uint32

References

change input var _txCooldown as uint32 in setUp function

Proof of Concept

Previous29483 - [SC - Insight] RewardTimelockcanExecuteTransaction - Reward tr...Next29513 - [SC - Insight] Critical reentrancy vulnerability in executeRew...

Last updated 1 year ago

Was this helpful?

hashtagDescription

hashtagBrief/Intro

hashtagVulnerability Details

hashtagImpact Details

hashtagReferences

hashtagProof of Concept