- detector id: `unsafe-math`
- severity: high
Enable overflow checks for all arithmetic operations. Otherwise, overflow can occur, resulting in incorrect results.
Overflow checks in NEAR contracts can be implemented with two different methods.
- [Recommended] Turn on the `overflow-checks` flag in the cargo manifest. In this case, it's okay to use `+`, `-` and `*` for arithmetic operations.
- Use safe math functions (e.g., `checked_xxx()`) to do arithmetic operations.
In this example, since the `overflow-checks` flag is turned off in the cargo manifest, the use of `+` may lead to overflow.

```toml
[profile.xxx] # `xxx` equals `dev` or `release`
overflow-checks = false
```

```rust
let a = b + c;
```
The following code is recommended for performing the addition when `overflow-checks = false`:

```rust
// `checked_add` returns an `Option`: `None` if the addition would overflow.
let a = b.checked_add(c);
```
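
The difference between the two methods, shown on a balance update. This is an added example, not code from the detector's documentation: `Ledger`, `MathError` and the account name are hypothetical, and `wrapping_add` stands in for what `+` does when `overflow-checks = false`, so the result is the same under any build profile.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum MathError { Overflow, Underflow }

// Hypothetical balance ledger, constructed for this example (not a NEAR SDK type).
struct Ledger { balances: HashMap<String, u128> }

impl Ledger {
    fn new() -> Self { Ledger { balances: HashMap::new() } }

    fn balance(&self, who: &str) -> u128 {
        *self.balances.get(who).unwrap_or(&0)
    }

    // Models `balance + amount` built with `overflow-checks = false`:
    // the sum silently wraps modulo 2^128 and the wrong value is stored.
    fn deposit_wrapping(&mut self, who: &str, amount: u128) -> u128 {
        let new = self.balance(who).wrapping_add(amount);
        self.balances.insert(who.to_string(), new);
        new
    }

    // Safe-math variant: `checked_add` yields `None` on overflow, so the
    // call fails before any state is written.
    fn deposit_checked(&mut self, who: &str, amount: u128) -> Result<u128, MathError> {
        let new = self.balance(who).checked_add(amount).ok_or(MathError::Overflow)?;
        self.balances.insert(who.to_string(), new);
        Ok(new)
    }

    // `checked_sub` guards the other direction (withdrawing more than is held).
    fn withdraw_checked(&mut self, who: &str, amount: u128) -> Result<u128, MathError> {
        let new = self.balance(who).checked_sub(amount).ok_or(MathError::Underflow)?;
        self.balances.insert(who.to_string(), new);
        Ok(new)
    }
}

fn main() {
    let mut ledger = Ledger::new();
    ledger.deposit_checked("alice", u128::MAX).unwrap();
    // Checked path: the overflow is reported and the balance is unchanged.
    println!("{:?}", ledger.deposit_checked("alice", 1));
    // Wrapping path: the same deposit resets the balance to 0.
    println!("{}", ledger.deposit_wrapping("alice", 1));
    println!("{:?}", ledger.withdraw_checked("alice", 1));
}
```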