Signed/unsigned arithmetic confusion

BENQI's assessment for RD-F-018 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Compound V2 lending contracts use SafeMath.sol (explicit overflow/underflow checks in Solidity 0.5.17). sAVAX uses Solidity 0.6.12 with OZ SafeMath pattern. No signed/unsigned arithmetic confusion issue identified in the Halborn, Dedaub, or Certora audit reports. Cannot fully confirm without symbolic execution but no positive finding exists.

Sources #

GitHub
SafeMath.sol — BENQI LendingSafeMath.sol in lending directory — explicit overflow protection for Solidity 0.5.17retrieved 2026-05-16
Audit
Dedaub BENQI Ignite Audit — no signed/unsigned findingNo signed/unsigned arithmetic finding in Halborn May 2021, Certora April 2022, or Dedaub March 2023 reportsretrieved 2026-05-16

Methodology #

Determine whether signed-integer conversions or comparisons where unsigned was intended exist in the deployed bytecode/source.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol benqi factor RD-F-018 score green collected_at 2026-05-16 11:02:12