The implementation of SafeMath asserts instead of performing a revert on failure.
Impact
An assert will consume all gas of the transaction whereas a revert/require releases the remaining gas to the transaction sender again.
Usually, one wants to try to keep the gas cost for contract failures low and use assert only for invariants that should always be true.
Handle
cmichel
Vulnerability details
Vulnerability Details
The implementation of SafeMath
asserts instead of performing areverton failure.Impact
An
assertwill consume all gas of the transaction whereas arevert/requirereleases the remaining gas to the transaction sender again. Usually, one wants to try to keep the gas cost for contract failures low and useassertonly for invariants that should always be true.Recommended Mitigation Steps
Use
requireinstead ofassert