Signed/unsigned arithmetic confusion

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-018 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No symbolic execution output for SushiSwap's fork. v3 tick math (int24 ticks, int256 deltas) is well-studied by ToB for the upstream. No SushiSwap-specific finding for signed/unsigned arithmetic confusion. Tool run required.

Sources #

URL
Trail of Bits Uniswap V3 Core Security AssessmentToB Uniswap v3 audit — reviewed int24/int256 tick math; no signed/unsigned confusion flagged as high in upstreamretrieved 2026-05-17
Internal
00-data-cache.json — static_analysis sectiondata-cache static_analysis: [] (empty)retrieved 2026-05-17

Methodology #

Determine whether signed-integer conversions or comparisons where unsigned was intended exist in the deployed bytecode/source.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-018 score gray collected_at 2026-05-16 19:50:37