Omniscia Native Audit
LowGasSafeMath Manual Review Findings
LGS-01M: Incorrect Restriction of Pragma Version
Type | Severity | Location |
---|---|---|
Language Specific | | LowGasSafeMath.sol:L2 |
Description:
The LowGasSafeMath library is meant to operate in pragma versions less than 0.8.0, as Solidity's built-in safe arithmetic introduced in that version will cause the library to misbehave.
Impact:
Presently, the Router contract induces a redundant gas overhead when utilizing the PeripheryPayments contract, which is an undesirable trait.
Example:
```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.7.0;

/// @title Optimized overflow and underflow safe math operations
/// @notice Contains methods for doing math operations that revert on overflow or underflow for minimal gas cost
library LowGasSafeMath {
    /// @notice Returns x + y, reverts if sum overflows uint256
    /// @param x The augend
    /// @param y The addend
    /// @return z The sum of x and y
    function add(uint256 x, uint256 y) internal pure returns (uint256 z) {
        require((z = x + y) >= x);
    }
```
Recommendation:
We advise the pragma version to be strictly locked. We noticed that the library is in use by PeripheryPayments, which in turn is utilized by the Router implementation. As such, the Router implementation will incorrectly use the LowGasSafeMath dependency and induce redundant gas costs. Alternatively, we advise the codebase to stick to a strict pragma version of 0.8.0 and higher, ensuring all contracts are coded with built-in safe arithmetic in mind.
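The recommendation can be enforced mechanically. The following is an added example, not part of the audit report or the audited codebase: a small Python check that flags a Solidity source whose pragma range admits compilers at or above 0.8.0 while the file still contains hand-rolled overflow guards of the kind shown in the excerpt. The function names `admits_0_8` and `audit` are hypothetical, the sample sources are constructed, and only space-separated (ANDed) version comparators are handled, not `||` alternatives.

```python
import re

SOLC_0_8 = (0, 8, 0)  # first release with built-in checked arithmetic
PRAGMA_RE = re.compile(r"pragma\s+solidity\s+([^;]+);")
TERM_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*(\d+)\.(\d+)\.(\d+)")
# Hand-rolled guard in the style of the excerpt: require((z = x + y) >= x)
GUARD_RE = re.compile(r"require\(\s*\(\s*\w+\s*=\s*\w+\s*[-+*]\s*\w+\s*\)\s*[<>=]=")


def admits_0_8(constraint):
    """True if some compiler version >= 0.8.0 satisfies the ANDed constraint."""
    for op, *nums in TERM_RE.findall(constraint):
        v = tuple(int(n) for n in nums)
        if op in (">=", ">"):
            continue  # lower bounds never exclude newer compilers
        if op == "^":  # caret: up to the next breaking version, exclusive
            top = (0, v[1] + 1, 0) if v[0] == 0 else (v[0] + 1, 0, 0)
            inclusive = False
        elif op == "~":  # tilde: patch-level changes only
            top, inclusive = (v[0], v[1] + 1, 0), False
        elif op == "<":
            top, inclusive = v, False
        else:  # "<=", "=" or a bare version
            top, inclusive = v, True
        if top < SOLC_0_8 or (top == SOLC_0_8 and not inclusive):
            return False  # this upper bound shuts out every 0.8.x compiler
    return True


def audit(source):
    """Return a finding string, or None when pragma and guards are consistent."""
    pragma = PRAGMA_RE.search(source)
    if not pragma or not GUARD_RE.search(source):
        return None
    constraint = pragma.group(1).strip()
    if admits_0_8(constraint):
        return f"pragma '{constraint}' admits >=0.8.0 but file has manual overflow guards"
    return None


# Constructed inputs: the first mirrors the excerpt above, the second locks the range.
FLOATING = """pragma solidity >=0.7.0;
library LowGasSafeMath {
    function add(uint256 x, uint256 y) internal pure returns (uint256 z) {
        require((z = x + y) >= x);
    }
}"""
LOCKED = FLOATING.replace(">=0.7.0", ">=0.7.0 <0.8.0")
```

Calling `audit(FLOATING)` returns a finding, while `audit(LOCKED)` returns `None`.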
Alleviation:
The codebase has been locked to pragma versions of 0.8.0 and higher; however, the LowGasSafeMath contract remains in use by the code.