The UToken contract uses solidity version 0.8 which already comes with implicit overflow checks.
The explicit overflow checks in removeReserves can be removed:
// We checked reduceAmount <= totalReserves above, so this should never revert.
// @audit this overflow check already happened implicitly
require(totalReservesNew <= totalReserves, "reduce reserves unexpected underflow");
Handle
cmichel
Vulnerability details
The
UToken
contract uses solidity version 0.8 which already comes with implicit overflow checks. The explicit overflow checks inremoveReserves
can be removed: