Omniscia Mitosis Audit
Conv Manual Review Findings
Conv Manual Review Findings
CVN-01M: Unsafe Address Casting
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | Conv.sol:L11 |
Description:
The Conv::toAddress function will insecurely cast its input argument to the address data type.
Impact:
The Conv::toAddress function will presently truncate and ignore any dirty bits in the bz payload which is ill-advised as it could indicate a corruption of the overall message.
Example:
src/lib/Conv.sol
10function toAddress(bytes32 bz) internal pure returns (address) {11 return address(uint160(uint256(bz)));12}Recommendation:
We advise a require check (or if-revert pattern) to be introduced, ensuring that the input argument fits into the 160 bits of the address type.
Alleviation (5297bb74fa5cb1c63239172a7a7a3a7c8ce808e3):
The input argument is properly validated to be within bounds of the address data type, addressing this exhibit in full.