Signed/unsigned arithmetic confusion

Venus Protocol's assessment for RD-F-018 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No signed/unsigned confusion finding in any available audit reports. Compound v2 lineage uses uint256 throughout core accounting. Newer code uses Solidity 0.8.25 (built-in overflow protection). Legacy 0.5.x uses established patterns.

Sources #

GitHub
Venus audit reports 2023-2025 — no signed/unsigned confusion findings reportedVenus audits directory — no signed/unsigned findingsretrieved 2026-04-28

Methodology #

Determine whether signed-integer conversions or comparisons where unsigned was intended exist in the deployed bytecode/source.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol venus factor RD-F-018 score green collected_at 2026-04-28 18:30:49