SafeMath Manual Review Findings

SMH-01M: Incorrect SafeMath Implementation

Type	Severity	Location
Logical Fault		SafeMath.sol:L30, L31, L62, L85

Description:

The SafeMath implementation ported to the codebase is incorrect as it is applicable to Solidity versions <0.8.X whilst the codebase employs Solidity version 0.8.16.

Impact:

The current SafeMath implementation contains multiple redundancies as it will attempt to evaluate an overflow after it has occurred which is invalid as the overflow itself would result in a panic error.

Additionally, cases such as SafeMath::sub will inefficiently perform their operations with checked arithmetic even though they are guaranteed to be safe.

Example:

Copy
29function add(uint256 a, uint256 b) internal pure returns (uint256) {
30    uint256 c = a + b;
31    require(c >= a, "SafeMath: addition overflow");
32
33    return c;
34}

Recommendation:

We advise the implementation to be omitted as Solidity's built-in checked arithmetic are sufficient in ensuring mathematical operations are safely performed.

Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):

The contract has been removed from the codebase as a result of this exhibit, rendering it alleviated.