defirisk.co
rubric v1.7.0

Signed/unsigned arithmetic confusion

Kamino Lend's assessment for RD-F-018 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No signed/unsigned arithmetic issues disclosed across all audits. Rust type system enforces type safety; strum dependency uses checked_arithmetics branch providing additional protection.

Detail #

Rust enforces integer type safety at compile time more strictly than Solidity. The strum git dependency uses a 'checked_arithmetics' branch per Cargo.toml. No audit finding in this class identified across OtterSec, Certora, Offside Labs, or Sec3 reviews.

Sources #

  • GitHub
    klend programs Cargo.tomlprograms/klend/Cargo.toml — strum uses Kamino fork with checked_arithmetics branchretrieved 2026-04-27

Methodology #

Determine whether signed-integer conversions or comparisons where unsigned was intended exist in the deployed bytecode/source.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol kamino-lend factor RD-F-018 score green collected_at 2026-04-30 21:19:16