Omniscia Gravita Protocol Audit
SafeMath Manual Review Findings
SMH-01M: Improper Application of Safe Arithmetics
Type | Severity | Location |
---|---|---|
Language Specific | | SafeMath.sol:L32, L68, L90 |
Description:
The `SafeMath` contract improperly applies "safety" in the `SafeMath::add` and `SafeMath::mul` functions by evaluating a `require` conditional after each unsafe operation has been performed. Additionally, the `SafeMath::sub` function applies a `require` check that already guarantees the safety of the ensuing subtraction, which is then executed inefficiently.
Example:
```solidity
/**
 * @dev Returns the subtraction of two unsigned integers, reverting with custom message on
 * overflow (when the result is negative).
 *
 * Counterpart to Solidity's `-` operator.
 *
 * Requirements:
 * - Subtraction cannot overflow.
 *
 * _Available since v2.4.0._
 */
function sub(
    uint256 a,
    uint256 b,
    string memory errorMessage
) internal pure returns (uint256) {
    require(b <= a, errorMessage);
    uint256 c = a - b; // SafeMath.sol:L68

    return c;
}

/**
 * @dev Returns the multiplication of two unsigned integers, reverting on
 * overflow.
 *
 * Counterpart to Solidity's `*` operator.
 *
 * Requirements:
 * - Multiplication cannot overflow.
 */
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
    // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
    // benefit is lost if 'b' is also tested.
    // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
    if (a == 0) {
        return 0;
    }

    uint256 c = a * b; // SafeMath.sol:L90
    require(c / a == b, "mul overflow");

    return c;
}
```
Recommendation:
We advise both code blocks to be wrapped in `unchecked` code blocks due to Solidity's built-in safe arithmetics in versions `0.8.X` and up. In the present code, an overflow in `SafeMath::add` / `SafeMath::mul` will never yield the error message of the `require` check as the overflow would fail immediately during the addition / multiplication. As such, the code presently has unreachable statements as well as inefficient code in all of its functions.
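The recommendation above, sketched as an added example (not code from the audited codebase or from Omniscia). The library name `UncheckedSafeMath` and the `"add overflow"` message are assumptions, since the page does not show the body of `SafeMath::add`; `"mul overflow"` is the string from the excerpt.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: the same three helpers with the raw arithmetic moved
// into `unchecked` blocks so the `require` statements become the only check.
library UncheckedSafeMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
        // Outside `unchecked`, `a + b` reverts with Panic(0x11) on overflow
        // under 0.8.X, so the require below could never fail.
        unchecked {
            c = a + b; // wraps modulo 2**256 instead of reverting
        }
        require(c >= a, "add overflow"); // assumed message, now reachable
    }

    function sub(
        uint256 a,
        uint256 b,
        string memory errorMessage
    ) internal pure returns (uint256 c) {
        require(b <= a, errorMessage);
        // The require already proves b <= a, so the compiler's own
        // underflow check on the subtraction would only repeat it.
        unchecked {
            c = a - b;
        }
    }

    function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
        if (a == 0) {
            return 0;
        }
        unchecked {
            c = a * b; // wraps on overflow; detected by the division below
        }
        require(c / a == b, "mul overflow"); // now reachable
    }
}
```

With this form, an overflowing `add` or `mul` reverts with the `require` message rather than the compiler's panic, and `sub` performs its bounds check once.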
Alleviation:
The `SafeMath` contract has been omitted from the codebase entirely as a result of this finding. As a result, we consider this exhibit alleviated as its described issue is no longer present in the codebase.