Dibbler Manual Review Findings

DIB-01M: Unsafe Down-Casting

Type	Severity	Location
Mathematical Operations		Dibbler.sol:L71

Description:

The linked down-casting to a uint96 is performed unsafely.

Example:

Copy
71uint96 soilPercent = uint96(s.f.soil.mul(1e18).div(totalBeanSupply));

Recommendation:

We advise the down-casting to be performed safely as it can truncate in case the evaluation s.f.soil.mul(1e18).div(totalBeanSupply) exceeds the maximum of a uint96 which has up to ~7.922e28 precision.

Alleviation:

The contract's code has been relocated under the LibDibbler contract and no longer downcasts thereby alleviating this exhibit.

DIB-02M: Redundantly Preemptive Amount Evaluation

Type	Severity	Location
Input Sanitization		Dibbler.sol:L33, L43

Description:

The linked require checks validate that a non-zero amount has been purchased, however, this check does not guarantee that the pods that will be sowed are non-zero.

Example:

Copy
32function _sow(uint256 amount, address account) internal returns (uint256) {
33    require(amount > 0, "Field: Must purchase non-zero amount.");
34    s.f.soil = s.f.soil.sub(amount, "Field: Not enough outstanding Soil.");
35    uint256 pods = beansToPods(amount, s.w.yield);
36    sowPlot(account, amount, pods);
37    s.f.pods = s.f.pods.add(pods);
38    saveSowTime();
39    return pods;
40}
41
42function _sowNoSoil(uint256 amount, address account) internal returns (uint256) {
43    require(amount > 0, "Field: Must purchase non-zero amount.");
44    uint256 pods = beansToPods(amount, s.w.yield);
45    sowPlot(account, amount, pods);
46    s.f.pods = s.f.pods.add(pods);
47    saveSowTime();
48    return pods;
49}

Recommendation:

We advise the check to be relocated and to evaluate the pods value instead, indirectly ensuring a non-zero amount and guaranteeing a proper pods update.

Alleviation:

The contract's code has been relocated under the LibDibbler contract and now the pods that are converted are validated to be non-zero instead thereby alleviating this exhibit.