evm: Safe cast the trimming shift

djb15 · djb15 · commit ebd4984e30f6 · 2024-03-06T13:34:31.000-08:00
diff --git a/evm/src/libraries/RateLimiter.sol b/evm/src/libraries/RateLimiter.sol
@@ -6,6 +6,7 @@ import "../interfaces/IRateLimiterEvents.sol";
 import "./TransceiverHelpers.sol";
 import "./TransceiverStructs.sol";
 import "../libraries/TrimmedAmount.sol";
+import "openzeppelin-contracts/contracts/utils/math/SafeCast.sol";
 
 abstract contract RateLimiter is IRateLimiter, IRateLimiterEvents {
     using TrimmedAmountLib for TrimmedAmount;
@@ -169,7 +170,9 @@ abstract contract RateLimiter is IRateLimiter, IRateLimiterEvents {
                 + (rateLimitParams.limit.getAmount() * timePassed) / rateLimitDuration;
 
             uint256 result = min(calculatedCapacity, rateLimitParams.limit.getAmount());
-            return packTrimmedAmount(uint64(result), rateLimitParams.currentCapacity.getDecimals());
+            return packTrimmedAmount(
+                SafeCast.toUint64(result), rateLimitParams.currentCapacity.getDecimals()
+            );
         }
     }
 
diff --git a/evm/src/libraries/TrimmedAmount.sol b/evm/src/libraries/TrimmedAmount.sol
@@ -2,6 +2,8 @@
 /// @dev TrimmedAmount is a utility library to handle token amounts with different decimals
 pragma solidity >=0.8.8 <0.9.0;
 
+import "openzeppelin-contracts/contracts/utils/math/SafeCast.sol";
+
 /// @dev TrimmedAmount is a bit-packed representation of a token amount and its decimals.
 /// @dev 64 bits: [0 - 64] amount
 /// @dev 8 bits: [64 - 72] decimals
@@ -122,7 +124,7 @@ library TrimmedAmountLib {
             saturatedSum = saturatedSum > type(uint64).max ? type(uint64).max : saturatedSum;
         }
 
-        return packTrimmedAmount(uint64(saturatedSum), getDecimals(a));
+        return packTrimmedAmount(SafeCast.toUint64(saturatedSum), getDecimals(a));
     }
 
     /// @dev scale the amount from original decimals to target decimals (base 10)
@@ -145,7 +147,7 @@ library TrimmedAmountLib {
     function shift(TrimmedAmount amount, uint8 toDecimals) internal pure returns (TrimmedAmount) {
         uint8 actualToDecimals = minUint8(TRIMMED_DECIMALS, toDecimals);
         return packTrimmedAmount(
-            uint64(scale(getAmount(amount), getDecimals(amount), actualToDecimals)),
+            SafeCast.toUint64(scale(getAmount(amount), getDecimals(amount), actualToDecimals)),
             actualToDecimals
         );
     }
@@ -173,10 +175,7 @@ library TrimmedAmountLib {
 
         // NOTE: amt after trimming must fit into uint64 (that's the point of
         // trimming, as Solana only supports uint64 for token amts)
-        if (amountScaled > type(uint64).max) {
-            revert AmountTooLarge(amt);
-        }
-        return packTrimmedAmount(uint64(amountScaled), actualToDecimals);
+        return packTrimmedAmount(SafeCast.toUint64(amountScaled), actualToDecimals);
     }
 
     function untrim(TrimmedAmount amt, uint8 toDecimals) internal pure returns (uint256) {
diff --git a/evm/test/NttManager.t.sol b/evm/test/NttManager.t.sol
@@ -460,6 +460,35 @@ contract TestNttManager is Test, INttManagerEvents, IRateLimiterEvents {
         assertEq(s3, 2);
     }
 
+    function test_transferWithAmountAndDecimalsThatCouldOverflow() public {
+        // The source chain has 18 decimals trimmed to 8, and the peer has 6 decimals trimmed to 6
+        nttManager.setPeer(chainId, toWormholeFormat(address(0x1)), 6, type(uint64).max);
+
+        address user_A = address(0x123);
+        address user_B = address(0x456);
+        DummyToken token = DummyToken(nttManager.token());
+        uint8 decimals = token.decimals();
+        assertEq(decimals, 18);
+
+        token.mintDummy(address(user_A), type(uint256).max);
+
+        vm.startPrank(user_A);
+        token.approve(address(nttManager), type(uint256).max);
+
+        // When transferring to a chain with 6 decimals the amount will get trimmed to 6 decimals
+        // and then scaled back up to 8 for local accounting. If we get the trimmed amount to be
+        // type(uint64).max, then when scaling up we could overflow. We safely cast to prevent this.
+
+        uint256 amount = type(uint64).max * 10 ** (decimals - 6);
+
+        vm.expectRevert("SafeCast: value doesn't fit in 64 bits");
+        nttManager.transfer(amount, chainId, toWormholeFormat(user_B), false, new bytes(1));
+
+        // A (slightly) more sensible amount should work normally
+        amount = (type(uint64).max * 10 ** (decimals - 6 - 2)) - 150000000000; // Subtract this to make sure we don't have dust
+        nttManager.transfer(amount, chainId, toWormholeFormat(user_B), false, new bytes(1));
+    }
+
     function test_attestationQuorum() public {
         address user_B = address(0x456);
 
