GravitaSafeMath128 Manual Review Findings

GSM-01M: Improper Application of Safe Arithmetics

Type	Severity	Location
Language Specific		GravitaSafeMath128.sol:L9, L17

Description:

The GravitaSafeMath128 contract improperly applies "safety" in the GravitaSafeMath128::add function by evaluating a require conditional after the unsafe operation has been performed. Additionally, the GravitaSafeMath128::sub function will apply a require check that guarantees the safety of the ensuing subtraction, executing it inefficiently.

Example:

Copy
7library GravitaSafeMath128 {
8    function add(uint128 a, uint128 b) internal pure returns (uint128) {
9        uint128 c = a + b;
10        require(c >= a, "GravitaSafeMath128: addition overflow");
11
12        return c;
13    }
14
15    function sub(uint128 a, uint128 b) internal pure returns (uint128) {
16        require(b <= a, "GravitaSafeMath128: subtraction overflow");
17        uint128 c = a - b;
18
19        return c;
20    }
21}

Recommendation:

We advise both code blocks to be wrapped in unchecked code blocks due to Solidity's built-in safe arithmetics in versions 0.8.X and up. In the present code, an overflow in GravitaSafeMath128::add will never yield the error message of the require check as the overflow would fail immediately during the addition. As such, the code presently has unreachable statements as well as inefficient code in both of its functions.

Alleviation:

The GravitaSafeMath128 contract has been omitted from the codebase entirely as a result of this finding. As a result, we consider this exhibit alleviated as its described issue is no longer present in the codebase.