Signed/unsigned arithmetic confusion
SUNSwap (sun.io)'s assessment for RD-F-018 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
V2 uses Solidity >=0.6.12 <0.8.0 (no native overflow protection). V4 uses 0.8.26 (native overflow checks). No signed/unsigned confusion finding has been published for any SUNSwap version, and the upstream Uniswap V2/V3 audits have not found this pattern.
Sources
- GitHub: SUNSwap V3 hardhat config, sunswap-v3-contracts hardhat.config.ts — solc 0.7.6 confirmed (retrieved 2026-05-17)
Methodology
Determine whether the deployed bytecode or source contains signed-integer conversions or comparisons where an unsigned type was intended.
- rubric_version: v1.7.0
- protocol: sunswap
- factor: RD-F-018
- score: gray
- collected_at: 2026-05-17 14:37:31