Omniscia SaucerSwap Audit

BytesLib Manual Review Findings

BLB-01M: Inexistent Bound Checks

Type	Severity	Location
Input Sanitization		BytesLib.sol:L100

Description:

The BytesLib::toUint256 function will not ensure that the _bytes value being parsed contains a sufficient length in contrast to BytesLib::toUint24.

Impact:

The BytesLib::toUint256 function will unsafely parse the input _bytes value as a uint256 as it does not ensure that there are sufficient bytes to parse in the payload.

Example:

contracts/libraries/BytesLib.sol

100function toUint256(bytes memory _bytes) internal pure returns (uint256 value) {
101    assembly {
102        value := mload(add(_bytes, 0x20))
103    }
104}

Recommendation:

We advise the code to ensure that _bytes.length is greater-than-or-equal-to 32 or exactly 32 depending on the invocation context of the BytesLib::toUint256 function.

Alleviation (d8d187efd1fa23b943c82694aaaccb5b9e427096):

The function this exhibit pertained to has been omitted from the codebase rendering it alleviated indirectly.

Omniscia SaucerSwap Audit

BytesLib Manual Review Findings

BytesLib Manual Review Findings

BLB-01M: Inexistent Bound Checks

Description:

Impact:

Example:

Recommendation:

Alleviation (d8d187efd1fa23b943c82694aaaccb5b9e427096):

NonfungiblePositionManager.sol (NPM-S)

NFTHelper.sol (NFT-M)

On this page