Signed/unsigned arithmetic confusion

Dolomite's assessment for RD-F-018 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OZ v2.5.1 SafeMath used for uint arithmetic in Solidity 0.5.x (no built-in overflow protection). SECBIT 2021 and OZ 2019 audits covered arithmetic safety without flagging signed/unsigned confusion. No such finding identified in any of the 7 audits.

Sources #

GitHub
DolomiteMargin package.jsonpackage.json: @openzeppelin/contracts ^2.5.1 — SafeMath included for uint arithmeticretrieved 2026-05-16
Audit
Solo Margin Protocol Audit — OpenZeppelinOZ 2019 audit: no signed/unsigned confusion flagged in the 0+2+1+8 findingsretrieved 2026-05-16

Methodology #

Determine whether signed-integer conversions or comparisons where unsigned was intended exist in the deployed bytecode/source.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dolomite factor RD-F-018 score green collected_at 2026-05-16 11:12:56