code-423n4 / 2021-07-sherlock-findings


SafeMath library is not always used in `PoolBase` #133

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

SafeMath library functions are not always used in arithmetic operations in the PoolBase contract, which could potentially cause integer underflow/overflows. Although in the reference lines of code, there are upper limits on the variables to ensure an integer underflow/overflow could not happen, using SafeMath is always a best practice, which prevents underflow/overflows completely (even if there were no assumptions on the variables) and increases code consistency as well.

Proof of Concept

Referenced code: PoolBase.sol#L136 PoolBase.sol#L325 PoolBase.sol#L344 PoolBase.sol#L362 PoolBase.sol#L364

Recommended Mitigation Steps

Consider using the SafeMath library functions in the referenced lines of code.
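An added illustration of the pattern the finding describes, not code from the Sherlock repository or from the warden: a hypothetical pool contract on a pre-0.8 compiler, with the unchecked subtraction beside the SafeMath form that reverts on underflow. The `0.7.6` pragma, the OpenZeppelin import path and the contract name are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.7.6; // assumed: pre-0.8 compiler, where raw arithmetic wraps silently

// assumed OpenZeppelin 3.x import path; its sub() has an (a, b, errorMessage) overload
import "@openzeppelin/contracts/math/SafeMath.sol";

// Hypothetical stake accounting, not Sherlock's PoolBase.
contract PoolAccountingExample {
    using SafeMath for uint256;

    mapping(address => uint256) public stake;
    uint256 public totalStake;

    function deposit(uint256 amount) external {
        // add() reverts if the running totals would exceed uint256 max
        stake[msg.sender] = stake[msg.sender].add(amount);
        totalStake = totalStake.add(amount);
    }

    // Unchecked style: correct only while amount <= stake[msg.sender] holds.
    // If that assumption is ever broken, the result wraps to a value near
    // 2**256 - 1 instead of reverting, and totalStake drifts with it.
    function withdrawUnchecked(uint256 amount) external {
        stake[msg.sender] = stake[msg.sender] - amount;
        totalStake = totalStake - amount;
    }

    // SafeMath style: sub() reverts on underflow, so the invariant
    // stake[msg.sender] <= totalStake holds regardless of caller input.
    function withdrawSafe(uint256 amount) external {
        stake[msg.sender] = stake[msg.sender].sub(amount, "Pool: insufficient stake");
        totalStake = totalStake.sub(amount);
    }
}
```

On Solidity 0.8 and later the compiler performs these checks by default, so the explicit library is only needed on older pragmas such as the one assumed here.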