Divide-before-multiply pattern

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-016 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No Slither output available for SushiSwap's deployed contracts. Uniswap v3 ToB audit (upstream) did not flag a divide-before-multiply in core math as a critical finding. Without tool run on SushiSwap's deployed bytecode, this cannot be confirmed. Flagged for programmatic assessment.

Sources #

URL
Trail of Bits Uniswap V3 Core Security AssessmentToB Uniswap v3 audit — 10 findings (2 high); no divide-before-multiply flagged as criticalretrieved 2026-05-17
Internal
00-data-cache.json — static_analysis sectiondata-cache static_analysis: [] (empty); no Slither output availableretrieved 2026-05-17

Methodology #

Determine whether Slither's `divide-before-multiply` detector fires on the deployed verified source.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-016 score gray collected_at 2026-05-16 19:50:37