Type conversion could lead to fund loss
The Chainflip team is planning to support ERC-20 tokens with a totalSupply that falls within the uint128 range. The current code is mathematically safe, and we are noting this potential issue for the future.

If Chainflip Labs wishes to support ERC-20 tokens with a totalSupply exceeding uint128, it will be necessary to remove the value.try_into() call and use value directly (i.e., without conversion). As the code stands, the type conversion would raise an error for such an amount and so cause a DoS.

Type conversion to uint128 (see engine/src/witness/erc20_deposits.rs#L121) can lead to loss of funds, depending on the token and how it is implemented. Suppose one of the token's transfer functions accepts a uint256 amount and a transfer moves more tokens than uint128 can represent: the highest 128 bits would be discarded, and the chain would record the wrong amount.

An example where this behavior manifested as an issue can be found on our website.
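The two conversion behaviours described in this finding, as an added example that is not Chainflip's code: a minimal 256-bit value type (a hypothetical U256 built from two u128 halves, standing in for whatever Ethereum library type the engine actually decodes from a Transfer event) with a checked conversion that mirrors value.try_into() and a truncating conversion that keeps only the low 128 bits, plus a hypothetical witness_deposit function showing that the checked path rejects an oversized amount instead of crediting a wrong one.

```rust
use std::convert::TryFrom;

/// Constructed stand-in for a 256-bit EVM amount (assumption: the real engine
/// uses a library type; this one exists only so the example runs offline).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct U256 {
    pub hi: u128, // most significant 128 bits
    pub lo: u128, // least significant 128 bits
}

impl U256 {
    pub fn from_u128(v: u128) -> Self {
        U256 { hi: 0, lo: v }
    }

    /// Lossy conversion: keeps the low 128 bits and silently drops the high
    /// 128 bits. This is the truncation the finding warns about.
    pub fn low_u128(self) -> u128 {
        self.lo
    }
}

/// Error returned when a 256-bit amount does not fit in u128.
#[derive(Debug, PartialEq, Eq)]
pub struct Overflow;

/// Checked conversion, the behaviour of value.try_into(): anything above
/// u128::MAX is rejected rather than truncated.
impl TryFrom<U256> for u128 {
    type Error = Overflow;
    fn try_from(v: U256) -> Result<u128, Overflow> {
        if v.hi == 0 {
            Ok(v.lo)
        } else {
            Err(Overflow)
        }
    }
}

/// Outcome of witnessing one deposit event (hypothetical, not the engine's type).
#[derive(Debug, PartialEq, Eq)]
pub enum Deposit {
    Credited(u128),
    Rejected(U256),
}

/// Hypothetical witness step: the conversion error stops the deposit from
/// being credited (the DoS the finding describes) instead of crediting a
/// truncated amount.
pub fn witness_deposit(event_amount: U256) -> Deposit {
    match u128::try_from(event_amount) {
        Ok(amount) => Deposit::Credited(amount),
        Err(Overflow) => Deposit::Rejected(event_amount),
    }
}

/// The unsafe alternative: a plain narrowing keeps only the low 128 bits, so a
/// transfer of 2^128 + 5 tokens would be credited as 5.
pub fn witness_deposit_truncating(event_amount: U256) -> u128 {
    event_amount.low_u128()
}

fn main() {
    let fits = U256::from_u128(1_000);
    let too_big = U256 { hi: 1, lo: 5 }; // constructed amount: 2^128 + 5
    println!("{:?}", witness_deposit(fits));
    println!("{:?}", witness_deposit(too_big));
    println!("truncated: {}", witness_deposit_truncating(too_big));
}
```

The checked path is the one the finding says the engine currently has: an amount above uint128 is an error, which halts processing of that deposit. The truncating path shows why simply dropping the conversion to a narrower type is the dangerous fix; the amount recorded on the chain would no longer match the amount transferred on Ethereum.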