Signed/unsigned arithmetic confusion

Polymarket's assessment for RD-F-018 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No published symbolic execution results. V1/V2 use Solidity 0.8.x with built-in overflow protection. Cannot assess signed/unsigned confusion without tool execution.

Sources #

Etherscan
CTFExchange V2 — Solidity 0.8.34CTFExchange V2 compiler: v0.8.34 — built-in overflow protectionretrieved 2026-04-29

Methodology #

Determine whether signed-integer conversions or comparisons where unsigned was intended exist in the deployed bytecode/source.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-018 score gray collected_at 2026-04-29 16:25:39