The Swap contract uses Solidity version 0.8 which already implements overflow checks by default.
At the same time, it uses the SafeMath library which is more gas expensive than the 0.8 overflow checks.
It should just use the built-in checks and remove SafeMath from the dependencies:
// @audit can just normal arithmetic here
uint256 toTransfer = SWAP_FEE_DIVISOR.sub(swapFee).mul(boughtERC20Amount).div(SWAP_FEE_DIVISOR);
// uint256 toTransfer = (SWAP_FEE_DIVISOR - swapFee) * boughtERC20Amount / SWAP_FEE_DIVISOR;
// same with many other computations
Handle
cmichel
Vulnerability details
The
Swapcontract uses Solidity version 0.8 which already implements overflow checks by default. At the same time, it uses theSafeMathlibrary which is more gas expensive than the 0.8 overflow checks.It should just use the built-in checks and remove
SafeMathfrom the dependencies: