Circuit Breaker's unsafe casting results in errors during liquidity tracking
Description
The CircuitBreaker contract tracks liquidity changes within an interval. Due to unsafe typecasting, the liquidity track can be misrepresented when exceeding values of .
The _onTokenOutflow()
function conducts the following record change;
limiter.recordChange(-int256(_amount), WITHDRAWAL_PERIOD, TICK_LENGTH);
However, casting any integer that exceeds will end up changing the amount to a negative number. This will end up incrementing the limiter instead of decrementing.
Impact
It is possible to bypass liquidity changes within an interval by incrementing during large withdrawals. However, this requires token balances in excess of .
Recommendations
We recommend the use of safe typecasting to ensure math operations are not reversed unexpectedly.
Remediation
This issue has been acknowledged by Sanguine Labs LTD, and a fix was implemented in commit 8e0bf0ce↗.