
Rule: Math lints for unchecked u128 + Q64.64 + slippage/invariant bounds #7

@Cass402

Description


Summary

Warn on unsafe arithmetic in high-value financial code paths, especially unchecked u128 operations and missing bounds in AMM logic.
Related to #3

Why it matters

•	Unchecked u128 mul/div can overflow silently.
•	Fixed-point Q64.64 math can lose precision or overflow without guard rails.
•	Missing slippage or invariant checks can allow value extraction or pool imbalance.

Proposed Approach

•	Warn on * or / with u128 unless checked_*, mul_div, or equivalent safe helpers are used.
•	For Q64.64 ops, suggest explicit rounding and overflow handling.
•	In swap/AMM code paths, detect absence of a slippage bound (require!(amount_out >= min_out)) or invariant check before state mutation.

Examples

Flag:

let k = a * b; // a, b are u128

Pass:

let k = a.checked_mul(b).ok_or(Error::Overflow)?;
