Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Yeet>Low findings>Circuit Breaker's unsafe casting results in errors during liquidity tracking
GeneralOverview
Findings
Critical (3)
High (1)
Medium (1)
Low (2)Zapper contract leaks excess token balance to OBRouterCircuit Breaker's unsafe casting results in errors during liquidity tracking
Informational (1)
DiscussionInconsistencies in modifiers can lead to missing checksCircuitBreaker complexity introduces unnecessary attack surfaces
Threat ModelWhat are threat models?MoneyBrinter.solStakeV2.solZapper.sol
Audit ResultsAssessment Results
Category: Coding Mistakes

Circuit Breaker's unsafe casting results in errors during liquidity tracking

Low Severity
Low Impact
Low Likelihood

Description

The CircuitBreaker contract tracks liquidity changes within an interval. Due to unsafe typecasting, the liquidity track can be misrepresented when exceeding values of .

The _onTokenOutflow() function conducts the following record change;

limiter.recordChange(-int256(_amount), WITHDRAWAL_PERIOD, TICK_LENGTH);

However, casting any integer that exceeds will end up changing the amount to a negative number. This will end up incrementing the limiter instead of decrementing.

Impact

It is possible to bypass liquidity changes within an interval by incrementing during large withdrawals. However, this requires token balances in excess of .

Recommendations

We recommend the use of safe typecasting to ensure math operations are not reversed unexpectedly.

Remediation

This issue has been acknowledged by Sanguine Labs LTD, and a fix was implemented in commit 8e0bf0ce.

Zellic © 2025Back to top ↑