Unsafe casting in getWeekNumber() function

[hats-bug-reporter]

Github username: --
Twitter username: --
HATS Profile: ---

Beneficiary: 0x3828b7Dff72E340B44f3A0270574dDE9276D5FD3
Submission hash (on-chain): 0xce2644b7fe4986a891ee16409107b04ef163b46545fb0e6a978c99941435eb4b
Severity: medium

Description:
The getWeekNumber() function in the LockingBase contract is implemented as follows:

function getWeekNumber(uint32 blockNumber) public view returns (uint32) {
    require(!paused, "locking is paused");

    if (blockNumber < _getEpochShift(blockNumber)) {
      return 0;
    }
    uint32 shifted = blockNumber - _getEpochShift(blockNumber);

    if (_isPreL2Transition(blockNumber)) {
      return shifted / WEEK - uint32(startingPointWeek);
    } else {
      return uint32(uint256(int256(uint256(shifted / L2_WEEK)) - l2StartingPointWeek));
    } 
  }

In edge cases where l2StartingPointWeek > shifted / L2_WEEK, the function will return max value of uint32due to underflow, which can lead to get massive veMENTO balance and voting power.

Recommendation

To fix this issue, consider implementing a check to ensure that l2StartingPointWeek is smaller than shifted / L2_WEEK.

[nvtaveras]

This assumes wrongly calculated values, see scope:

Participants should assume these functions will be called with correct values. Issues related to calculation errors will be considered invalid unless participants can demonstrate that correct value implementation is impossible (e.g., proving that the correctly calculated value would cause an overflow/underflow).