Signed/unsigned arithmetic confusion
Cap (cUSD / stcUSD)'s assessment for RD-F-018 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Solidity 0.8.x compiler default overflow protection (all arithmetic reverts on over/underflow). Trail of Bits and Spearbit (Tier-1 firms) would have flagged systematic signed/unsigned confusion. No public finding of this nature disclosed across 9 audit engagements.
Sources #
- AuditTrail of Bits Audit — Full Protocol Review2025-05-15-TrailOfBits.pdf — Tier-1 full protocol review, would have flagged signed/unsigned issuesretrieved 2026-05-17
- Cap Contracts foundry.tomlfoundry.toml — solc 0.8.28 with overflow protection by defaultretrieved 2026-05-17
Methodology #
Determine whether signed-integer conversions or comparisons where unsigned was intended exist in the deployed bytecode/source.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol cap factor RD-F-018 score green collected_at 2026-05-17 10:56:24