code-423n4 / 2021-11-badgerzaps-findings


Arithmetic operations without using SafeMath may over/underflow #44

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/8d265aacb905d30bd95dcd54505fb26dc1f9b0b6/contracts/IbbtcVaultZap.sol#L179-L183

```solidity
if (_amounts[1] > 0 || _amounts[2] > 0) {
    // Use renbtc and wbtc to mint ibbtc
    // NOTE: Can change to external zap if implemented
    depositAmounts[0] += _renZapToIbbtc([_amounts[1], _amounts[2]]);
}
```

Even though it's unlikely to overflow in this particular case, we still recommend using SafeMath instead.
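The pattern the finding describes, shown side by side with the SafeMath form, as an added illustration that is not code from the Badger zap repository. It assumes a pre-0.8 compiler (where unchecked arithmetic wraps silently) and uses a minimal stand-in `SafeMath` library written here rather than the OpenZeppelin one; the contract, storage layout and function names are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.6;

// Added example, not project code. Assumes a pre-0.8 compiler: on 0.7.x
// and earlier, `+` wraps modulo 2**256 instead of reverting.

// Minimal stand-in for the OpenZeppelin SafeMath `add` (assumption).
library SafeMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
        c = a + b;
        // If the sum wrapped, it is smaller than one of its operands.
        require(c >= a, "SafeMath: addition overflow");
    }
}

contract ZapAccounting {
    using SafeMath for uint256;

    // Constructed stand-in for the zap's per-token deposit accounting.
    uint256[4] public depositAmounts;

    // Pattern from the finding: a bare `+=` silently wraps on overflow.
    function addUnchecked(uint256 minted) external {
        depositAmounts[0] += minted;
    }

    // Recommended form: SafeMath reverts the transaction instead of wrapping.
    function addChecked(uint256 minted) external {
        depositAmounts[0] = depositAmounts[0].add(minted);
    }

    // Demonstrates the wrap itself: on a pre-0.8 compiler this returns 0.
    function wrapDemo() external pure returns (uint256) {
        uint256 a = type(uint256).max;
        return a + 1;
    }

    // Same operation through SafeMath: this call reverts.
    function checkedDemo() external pure returns (uint256) {
        uint256 a = type(uint256).max;
        return a.add(1);
    }
}
```

To see the difference, deploy on a 0.7.x compiler, seed `depositAmounts[0]` near `type(uint256).max` via `addUnchecked`, then call `addUnchecked(1)` (value wraps to a small number) versus `addChecked(1)` (transaction reverts). On Solidity 0.8 and later the checked behaviour is the default for the bare `+=`, which is why the finding's severity depends on the compiler version the contract is built with.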

GalloDaSballo commented 2 years ago

Ambivalent on the finding, esp. because bitcoin tokens tend to have 8 decimals

0xleastwood commented 2 years ago

Agree with warden; this is best practice, so keeping issue open as low.