Omniscia Astrolab DAO Audit

AsCast Manual Review Findings

ACT-01M: Potentially Insecure Address Cast

Type	Severity	Location
Input Sanitization		AsCast.sol:L119-L121

Description:

The AsCast::toAddress function will cast the input bytes32 variable to an address without validating that the variable does not have any corrupt bits.

Impact:

Dirty bits in the bytes32 variable will not affect the end-result of the casting operation but may affect other contextual assumptions in the caller of the function.

Example:

src/libs/AsCast.sol

114/**
115 * @dev Converts a bytes32 value to an address.
116 * @param b The bytes32 value to convert.
117 * @return The converted address.
118 */
119function toAddress(bytes32 b) internal pure returns (address) {
120    return address(uint160(uint256(b)));
121}

Recommendation:

We advise the code to cast the uint256 representation of the bytes32 variable to a uint160 variable safely (i.e. via AsCast::toUint160), ensuring that there are no dirty bits in the representation cast.

Alleviation (59b75fbee1d8f3dee807c928f18be41c58b904e1):

The code was updated to invoke the AsCast::toUint160 function as advised, ensuring that all address casts are safely performed.

Omniscia Astrolab DAO Audit

AsCast Manual Review Findings

AsCast Manual Review Findings

ACT-01M: Potentially Insecure Address Cast

Description:

Impact:

Example:

Recommendation:

Alleviation (59b75fbee1d8f3dee807c928f18be41c58b904e1):

AsArrays.sol (AAS-M)

AsManageable.sol (AME-M)

On this page