Dibbler Manual Review Findings
DIB-01M: Unsafe Down-Casting
| Type | Severity | Location |
|---|---|---|
| Mathematical Operations | | Dibbler.sol:L71 |
Description:
The linked down-casting to a uint96 is performed unsafely.
Example:
```solidity
71 uint96 soilPercent = uint96(s.f.soil.mul(1e18).div(totalBeanSupply));
```
Recommendation:
We advise the down-casting to be performed safely, as the value is silently truncated if the evaluation s.f.soil.mul(1e18).div(totalBeanSupply) exceeds the maximum of a uint96, which is approximately 7.922e28.
Alleviation:
The contract's code has been relocated under the LibDibbler contract and no longer downcasts, thereby alleviating this exhibit.
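One way to perform the down-cast from DIB-01M safely, shown beside the flagged pattern. This is an added example, not code from Dibbler.sol or LibDibbler; the names SafeCast96, SoilPercentExample, ratio, soilPercentUnsafe and soilPercentSafe are hypothetical, and an inlined overflow check stands in for the SafeMath calls of the original.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.7.6 <0.9.0;

// Added illustration; not code from Dibbler.sol or LibDibbler.
library SafeCast96 {
    // Reverts instead of discarding the bits above bit 95.
    function toUint96(uint256 value) internal pure returns (uint96) {
        require(value <= type(uint96).max, "SafeCast96: value exceeds 96 bits");
        return uint96(value);
    }
}

contract SoilPercentExample {
    // soil * 1e18 / totalBeanSupply with explicit checks, so the block
    // compiles without SafeMath on 0.7.x and also reverts on 0.8.x.
    function ratio(uint256 soil, uint256 totalBeanSupply) public pure returns (uint256) {
        require(totalBeanSupply > 0, "division by zero");
        uint256 scaled = soil * 1e18;
        require(soil == 0 || scaled / soil == 1e18, "multiplication overflow");
        return scaled / totalBeanSupply;
    }

    // Pattern flagged at Dibbler.sol:L71: an explicit cast keeps only the
    // low 96 bits of the ratio, in every Solidity version including 0.8.x.
    function soilPercentUnsafe(uint256 soil, uint256 totalBeanSupply)
        external pure returns (uint96)
    {
        return uint96(ratio(soil, totalBeanSupply));
    }

    // Checked variant: reverts when the ratio does not fit in 96 bits.
    function soilPercentSafe(uint256 soil, uint256 totalBeanSupply)
        external pure returns (uint96)
    {
        return SafeCast96.toUint96(ratio(soil, totalBeanSupply));
    }
}
```

With the constructed inputs soil = 2**96 and totalBeanSupply = 1e18, the ratio is exactly 2**96, so soilPercentUnsafe returns 0 while soilPercentSafe reverts.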
DIB-02M: Redundantly Preemptive Amount Evaluation
| Type | Severity | Location |
|---|---|---|
| Input Sanitization | | Dibbler.sol:L33, L43 |
Description:
The linked require checks validate that a non-zero amount has been purchased; however, they do not guarantee that the pods that will be sowed are non-zero.
Example:
```solidity
32 function _sow(uint256 amount, address account) internal returns (uint256) {
33     require(amount > 0, "Field: Must purchase non-zero amount.");
34     s.f.soil = s.f.soil.sub(amount, "Field: Not enough outstanding Soil.");
35     uint256 pods = beansToPods(amount, s.w.yield);
36     sowPlot(account, amount, pods);
37     s.f.pods = s.f.pods.add(pods);
38     saveSowTime();
39     return pods;
40 }
41
42 function _sowNoSoil(uint256 amount, address account) internal returns (uint256) {
43     require(amount > 0, "Field: Must purchase non-zero amount.");
44     uint256 pods = beansToPods(amount, s.w.yield);
45     sowPlot(account, amount, pods);
46     s.f.pods = s.f.pods.add(pods);
47     saveSowTime();
48     return pods;
49 }
```
Recommendation:
We advise the check to be relocated and to evaluate the pods value instead, indirectly ensuring a non-zero amount and guaranteeing a proper pods update.
Alleviation:
The contract's code has been relocated under the LibDibbler contract, and the pods that are converted are now validated to be non-zero instead, thereby alleviating this exhibit.