Signed/unsigned arithmetic confusion

Ethena's assessment for RD-F-018 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solidity 0.8.19/0.8.20 with default overflow protection (SafeMath built-in). No signed/unsigned confusion vulnerability documented in any audit. Pashov Oct 2024 (USDtb scope) found L-03 EIP712 type mismatch uint128/uint120 in UStbMinting, but this is the USDtb sub-product and is out of core USDe scope.

Sources #

Audit
Ethena Pashov Oct 2024 AuditPashov October 2024 audit (USDtb) — L-03 out of core scoperetrieved 2026-04-28

Methodology #

Determine whether signed-integer conversions or comparisons where unsigned was intended exist in the deployed bytecode/source.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ethena factor RD-F-018 score green collected_at 2026-04-28 13:58:51