defirisk.co
rubric v1.7.0

Signed/unsigned arithmetic confusion

A code & audits factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor detects signed/unsigned arithmetic confusion in the deployed bytecode: specifically, cases where a signed integer (int256) is cast to unsigned (uint256) in a context where the value may be negative, or where comparison operators are applied to signed values where unsigned was intended. The assessment uses static analysis and symbolic execution on verified source code. A flag is recorded when the detector identifies a potential underflow or semantic inversion due to signedness mismatch.

**Why it matters** Signed-to-unsigned conversions with negative values wrap around to large positive integers in Solidity (two's complement). A negative int256 value cast to uint256 produces a number close to 2^256, which when used in a comparison or arithmetic context can bypass a bound check or produce a wildly incorrect amount. This pattern has appeared in approximately three documented hacks in the T-01 evidence base, primarily in protocols that use signed arithmetic for position accounting (perps, options, yield-bearing positions) and then convert to unsigned for token transfer amounts.

**Green / Yellow / Red** Green: no signed-to-unsigned conversions are present in code paths that handle token amounts, collateral values, or position sizes, or all such conversions have explicit bounds checks that revert if the input is negative. Yellow: conversions exist in peripheral calculation paths where the value is always positive by construction, with curator confirmation. Red: a signed-to-unsigned conversion is present in a core fund-movement or collateral calculation path without a negative-check guard.
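
The Red pattern next to its Green counterpart, as an added Solidity example that is not code from any scored protocol or from the rubric's tooling. The `MarginLedger` contract, its function and error names, and the `MAX_WITHDRAW` limit are constructed for illustration; the payout is modelled as an event rather than a token transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example: a minimal margin ledger, not taken from any scored protocol.
contract MarginLedger {
    uint256 public constant MAX_WITHDRAW = 1000e18;

    // Signed on purpose: equity = collateral plus realised PnL, which can be negative.
    mapping(address => int256) public equity;

    error NegativeAmount(int256 amount);
    error OverLimit(uint256 amount);
    error InsufficientEquity(int256 available, int256 requested);

    event Paid(address indexed to, uint256 amount);

    /// Test helper only; a real ledger would restrict who can call this.
    function credit(address account, int256 delta) external {
        equity[account] += delta;
    }

    /// Red pattern: signed bound check, then an unguarded cast on the payout path.
    function withdrawUnsafe(int256 amount) external {
        // Signed comparison: every negative amount satisfies this upper bound.
        require(amount <= int256(MAX_WITHDRAW), "over limit");
        require(equity[msg.sender] >= amount, "insufficient equity");
        // Subtracting a negative amount increases the caller's equity.
        equity[msg.sender] -= amount;
        // An explicit int256 -> uint256 conversion never reverts, even with 0.8
        // checked arithmetic: -1 becomes 2**256 - 1.
        emit Paid(msg.sender, uint256(amount));
    }

    /// Green pattern: revert on negative input before converting, then apply
    /// the limit in the unsigned domain.
    function withdrawSafe(int256 amount) external {
        if (amount < 0) revert NegativeAmount(amount);
        uint256 out = uint256(amount); // safe: amount >= 0 was just enforced
        if (out > MAX_WITHDRAW) revert OverLimit(out);
        int256 available = equity[msg.sender];
        if (available < amount) revert InsufficientEquity(available, amount);
        equity[msg.sender] = available - amount;
        emit Paid(msg.sender, out);
    }
}
```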

**Common gray cases** This factor is gray for protocols written in Vyper (where the type system prevents implicit signedness conversions) or for simple token protocols with no signed arithmetic.

Measurement: what to look for

Determine whether signed-integer conversions or comparisons where unsigned was intended exist in the deployed bytecode/source.

Data & output

Data source: Slither + symbolic exec (Manticore/Echidna property check) on Etherscan-verified source
Output format: Green / Yellow / Red
Evidence artifact: Tool output JSON + flagged location
Confidence signal: green = 0 confirmed signed/unsigned issues; red = confirmed signed/unsigned confusion in live path; gray = source unverified

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-018 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | green |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | not_applicable |
| Balancer (v2 + v3) | ethereum | yellow |
| Beefy Finance | ethereum | gray |
| BENQI | avalanche | green |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | gray |
| Cap (cUSD / stcUSD) | ethereum | green |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | gray |
| Circle USYC | binance | gray |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | gray |
| Convex Finance | ethereum | green |
| crvUSD (Curve Stablecoin) | ethereum | gray |
| Curve Finance | ethereum | green |
| deBridge | ethereum | green |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | not_applicable |
| EigenLayer | ethereum | green |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | yellow |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | green |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | green |
| Hyperlane | ethereum | gray |
| Hyperliquid | arbitrum | gray |
| Jito | solana | green |
| Jupiter | solana | gray |
| Jupiter Perpetual Exchange | solana | gray |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | green |
| Kinetiq | hyperliquid | green |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | gray |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | gray |
| M^0 | ethereum | green |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | gray |
| Meteora | solana | green |
| mETH Protocol | ethereum | gray |
| Midas | ethereum | green |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | green |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | gray |
| Orca | solana | green |
| PancakeSwap | bsc | green |
| Pendle Finance | ethereum | green |
| Polymarket | polygon | gray |
| QuickSwap | polygon | green |
| Raydium | solana | green |
| Rocket Pool | ethereum | green |
| Sanctum | solana | green |
| Save (formerly Solend) | solana | green |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | green |
| Spiko | stellar | green |
| Stake DAO | ethereum | gray |
| StakeWise v3 | ethereum | gray |
| Stargate Finance | ethereum | green |
| stHYPE (Valantis Labs) | hyperliquid | gray |
| SUNSwap (sun.io) | tron | gray |
| Superstate | ethereum | gray |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | gray |
| Symbiotic | ethereum | gray |
| Synapse Protocol | ethereum | not_assessed |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | green |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | gray |
| Venus Protocol | bsc | green |
| Wormhole | ethereum | green |
| Yearn Finance | ethereum | green |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.

rubric_version: v1.7.0 | factor: RD-F-018 | category: 1 | carried: 80 | critical: no