Mythril on UserDeposit shows warnings

[pirapira]

==== External Call To Fixed Address ====
SWC ID: 107
Severity: Low
Contract: UserDeposit
Function name: withdraw(uint256)
PC address: 2927
Estimated Gas Usage: 26715 - 109098
The contract executes an external message call.
An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.
--------------------
In file: UserDepositJoined.sol:245

token.transfer(msg.sender, withdrawable)

--------------------

==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: UserDeposit
Function name: deposit(address,uint256)
PC address: 3329
Estimated Gas Usage: 21693 - 117630
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
--------------------
In file: UserDepositJoined.sol:167

total_deposit[beneficiary] += added_deposit

--------------------

==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: UserDeposit
Function name: deposit(address,uint256)
PC address: 3344
Estimated Gas Usage: 27560 - 144129
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
--------------------
In file: UserDepositJoined.sol:170

whole_balance + added_deposit

--------------------

==== External Call To Fixed Address ====
SWC ID: 107
Severity: Low
Contract: UserDeposit
Function name: deposit(address,uint256)
PC address: 3643
Estimated Gas Usage: 20848 - 82599
The contract executes an external message call.
An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.
--------------------
In file: UserDepositJoined.sol:177

token.transferFrom(msg.sender, address(this), added_deposit)

--------------------

[mat7ias]

Ran Mythril today, adding the two not already included in this issue:

==== Dependence on predictable environment variable ====
SWC ID: 120
Severity: Low
Contract: UserDeposit
Function name: withdraw(uint256)
PC address: 2482
Estimated Gas Usage: 27557 - 144126
A control flow decision is made based on a predictable variable.
The block.number environment variable is used in to determine a control flow decision. Note that the values of variables like coinbase, gaslimit, block number and timestamp are predictable and can be manipulated by a malicious miner. Also keep in mind that attackers know hashes of earlier blocks. Don't use any of those environment variables for random number generation or to make critical control flow decisions.
--------------------
In file: UserDeposit.sol:175

require(withdraw_plan.withdraw_block <= block.number, "withdrawing too early")

--------------------

==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: UserDeposit
Function name: planWithdraw(uint256)
PC address: 1781
Estimated Gas Usage: 12701 - 54467
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
--------------------
In file: UserDeposit.sol:159

block.number + withdraw_delay