Omniscia Mean Finance Audit

StatefulChainlinkOracle Static Analysis Findings

SCO-01S: Unsafe Casting Operation

Type	Severity	Location
Mathematical Operations		StatefulChainlinkOracle.sol:L274

Description:

The int8 casting performed on the value yielded by decimals is unsafe as any value greater than type(int8).max / 127 will overflow silently.

Impact:

An overflow in this case can lead to a "negative" decimal value being read thus throwing off all decimal-normalization calculations within the contract.

Example:

solidity/contracts/StatefulChainlinkOracle.sol

268function _getDecimals(address _token) internal view returns (int8) {
269  if (_isETH(_token)) {
270    return ETH_DECIMALS;
271  } else if (!Address.isContract(_token)) {
272    return FOREX_DECIMALS;
273  } else {
274    return int8(IERC20Metadata(_token).decimals());
275  }
276}

Recommendation:

We advise safe casting to be utilized in place ensuring that the int8 casting operation is done safely. This can be ensured either via a library or a simple validation that the result of IERC20Metadata(_token).decimals() is at most equal to type(int8).max.

Alleviation:

The contract code was updated to instead utilize the int16 data type for retaining the decimal value the tokens yield thus permitting the uint8 data type to properly fit in the positive range of the now-int16 decimal variables.

Omniscia Mean Finance Audit

StatefulChainlinkOracle Static Analysis Findings

StatefulChainlinkOracle Static Analysis Findings

SCO-01S: Unsafe Casting Operation

Description:

Impact:

Example:

Recommendation:

Alleviation:

Code Style

UniswapV3Adapter.sol (UVA-S)

On this page