code4rena-2023-01-biconomy-l03
[L-03] Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from uint256
Summary
Numbers may be truncated unexpectedly, causing incorrect behavior.
Keyword
overflow/underflow, casting
Vulnerability
contracts/smart-contract-wallet/aa-4337/core/StakeManager.sol:
    function withdrawTo(address payable withdrawAddress, uint256 withdrawAmount) external {
        DepositInfo storage info = deposits[msg.sender];
        require(withdrawAmount <= info.deposit, "Withdraw amount too large");
        // the subtraction result is narrowed to uint112 with a plain (unchecked) cast
        info.deposit = uint112(info.deposit - withdrawAmount);
        emit Withdrawn(msg.sender, withdrawAddress, withdrawAmount);
        (bool success,) = withdrawAddress.call{value : withdrawAmount}("");
        require(success, "failed to withdraw");
    }

The parameter uint256 withdrawAmount is downcast to uint112 in info.deposit = uint112(info.deposit - withdrawAmount);.
The report suggested using OpenZeppelin's SafeCast library for the cast, to prevent overflow/underflow during casting.
Impact
Numbers may be truncated unexpectedly, causing incorrect behavior.
Mitigation
Use OpenZeppelin's SafeCast library so that the call reverts when an overflow/underflow occurs.
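A sketch of the mitigation, added here as an example and not taken from the Biconomy code base or the original report: the same withdrawTo logic with the plain cast replaced by SafeCast, next to two helper functions that show the difference between the casts. The contract name, the helpers truncatingCast and checkedCast, depositTo, and the uint112 width of DepositInfo.deposit are assumptions; it also assumes an OpenZeppelin Contracts release whose SafeCast provides toUint112.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.12;

import "@openzeppelin/contracts/utils/math/SafeCast.sol";

// Added illustration; contract and helper names are hypothetical.
contract DepositCastExample {
    using SafeCast for uint256;

    struct DepositInfo {
        uint112 deposit; // assumed width, implied by the uint112 cast on the page
    }

    mapping(address => DepositInfo) public deposits;

    event Withdrawn(address indexed account, address withdrawAddress, uint256 amount);

    // Explicit narrowing in Solidity 0.8 is not checked: only the low 112 bits
    // are kept, so truncatingCast(2**112 + 5) returns 5 without reverting.
    function truncatingCast(uint256 value) external pure returns (uint112) {
        return uint112(value);
    }

    // SafeCast reverts when value > type(uint112).max instead of truncating.
    function checkedCast(uint256 value) external pure returns (uint112) {
        return value.toUint112();
    }

    // Hypothetical deposit path: the sum is computed in uint256 and the
    // narrowing back to uint112 reverts if it no longer fits.
    function depositTo(address account) external payable {
        DepositInfo storage info = deposits[account];
        info.deposit = (uint256(info.deposit) + msg.value).toUint112();
    }

    // withdrawTo as on the page, with the cast routed through SafeCast.
    function withdrawTo(address payable withdrawAddress, uint256 withdrawAmount) external {
        DepositInfo storage info = deposits[msg.sender];
        require(withdrawAmount <= info.deposit, "Withdraw amount too large");
        info.deposit = (uint256(info.deposit) - withdrawAmount).toUint112();
        emit Withdrawn(msg.sender, withdrawAddress, withdrawAmount);
        (bool success,) = withdrawAddress.call{value: withdrawAmount}("");
        require(success, "failed to withdraw");
    }
}
```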
tags: bughunting, smart contract, biconomy, account abstraction, erc4337, type casting, casting overflow underflow, wallet, severity low