Assessment reports>GTE -- Perp>Informational findings>Unsafe cast from ,int256, to ,uint256
Category: Coding Mistakes

Unsafe cast from int256 to uint256

Informational Severity
Informational Impact
N/A Likelihood

Description

In Solidity, type casting from int256 to uint256 using uint256(...) does not include any bounds or overflow checks. If the result of the int256(orderbookCollateral) + marginDelta calculation is less than zero, casting it to uint256 will produce a very large positive value.

function orderUpdated(int256 marginDelta) external onlyPerpManager {
        orderbookCollateral = uint256(int256(orderbookCollateral) + marginDelta);
    }

Impact

Under normal protocol operation, it is unlikely that marginDelta would exceed orderbookCollateral, so this issue is considered informational. However, if it does, the unsafe cast may result in an inflated GTL price, which could lead to incorrect pricing and unintended user profit during withdrawal.

Recommendations

To prevent this behaivor when casting from int256 to uint256, it is strongly recommended to use the SafeCast library.

Remediation

Zellic © 2025Back to top ↑