Omniscia Astrolab DAO Audit
AsCast Manual Review Findings
ACT-01M: Potentially Insecure Address Cast
| Type | Severity | Location |
|---|---|---|
| Input Sanitization | ![]() | AsCast.sol:L119-L121 |
Description:
The AsCast::toAddress function will cast the input bytes32 variable to an address without validating that the variable does not have any corrupt bits.
Impact:
Dirty bits in the bytes32 variable will not affect the end-result of the casting operation but may affect other contextual assumptions in the caller of the function.
Example:
src/libs/AsCast.sol
```solidity
/**
 * @dev Converts a bytes32 value to an address.
 * @param b The bytes32 value to convert.
 * @return The converted address.
 */
function toAddress(bytes32 b) internal pure returns (address) {
    return address(uint160(uint256(b)));
}
```
Recommendation:
We advise the code to cast the uint256 representation of the bytes32 variable to a uint160 variable safely (i.e. via AsCast::toUint160), ensuring that there are no dirty bits in the representation cast.
Alleviation (59b75fbee1d8f3dee807c928f18be41c58b904e1):
The code was updated to invoke the AsCast::toUint160 function as advised, ensuring that all address casts are safely performed.
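The effect described under Impact and a checked cast of the kind the Recommendation asks for, as an added Solidity example that is not Astrolab's code or part of the audit. `CastExample`, `CastDemo`, `DirtyUpperBits` and the sample values are hypothetical, and the project's actual `AsCast::toUint160` may be implemented differently.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name here is hypothetical, not the audited code.
library CastExample {
    error DirtyUpperBits(bytes32 value);

    // Pattern flagged by the finding: the upper 96 bits are silently dropped.
    function toAddressUnchecked(bytes32 b) internal pure returns (address) {
        return address(uint160(uint256(b)));
    }

    // Checked form: revert unless the upper 96 bits are all zero.
    function toAddressChecked(bytes32 b) internal pure returns (address) {
        uint256 v = uint256(b);
        if (v > type(uint160).max) revert DirtyUpperBits(b);
        return address(uint160(v));
    }
}

contract CastDemo {
    // Constructed sample values: identical low 160 bits, different upper bits.
    bytes32 public constant CLEAN = bytes32(uint256(0x1234));
    bytes32 public constant DIRTY =
        bytes32(uint256(0x1234) | (uint256(1) << 160));

    // Whether two distinct bytes32 values collapse to one address
    // under the unchecked cast. A caller that keys state by the raw
    // bytes32 but authorises by the derived address would treat these
    // two inputs inconsistently.
    function collides() external pure returns (bool) {
        return CLEAN != DIRTY
            && CastExample.toAddressUnchecked(CLEAN)
                == CastExample.toAddressUnchecked(DIRTY);
    }

    // Reverts with DirtyUpperBits when any of the upper 96 bits of b is set.
    function checked(bytes32 b) external pure returns (address) {
        return CastExample.toAddressChecked(b);
    }
}
```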
