SCSVS-ORACLE-2
S7.2 Arithmetic Integrity
Control Objective
Ensure that all calculations and logical operations within the smart contract are performed correctly to maintain data integrity and prevent manipulation.
S7.2.A Secure Calculations and Logic
| SCSVS VR ID |
Requirement |
L1 |
L2 |
L3 |
SCWE |
| S7.2.A1 |
Ensure that price or rate calculations derived from asset balances are protected from manipulation, considering attack vectors like flash loans and donations. |
|
✓ |
✓ |
|
| S7.2.A2 |
Ensure that the use of structs and arrays does not lead to data corruption or incorrect values due to storage encoding issues. |
|
✓ |
✓ |
|
| S7.2.A3 |
Avoid operations that could lead to unintended data type conversions or precision loss by ensuring arithmetic operations are performed correctly. |
|
✓ |
✓ |
|
| S7.2.A4 |
Enforce a minimum transaction amount to prevent attackers from clogging the network with zero amount or dust transactions. |
|
✓ |
✓ |
|
| S7.2.A5 |
Validate that financial operations respect associative properties, ensuring consistent outcomes whether operations are performed in aggregate or iteratively. |
|
✓ |
✓ |
|
| S7.2.A6 |
Implement proper rounding direction for calculations where accounting relies on user shares to avoid inaccuracies. |
|
✓ |
✓ |
|
| S7.2.A7 |
Validate that inequalities and comparisons are correctly implemented to handle edge values appropriately. |
|
✓ |
✓ |
|
| S7.2.A8 |
Ensure that abi.decode adheres to the type limits to avoid reverts due to overflow of target types. |
|
✓ |
✓ |
|
| S7.2.A9 |
Ensure that logical operators such as ==, !=, &&, ||, and ! are used correctly, especially when test coverage may be limited. |
|
✓ |
✓ |
|
S7.2.B Precondition and Postcondition Checks
| SCSVS VR ID |
Requirement |
L1 |
L2 |
L3 |
SCWE |
| S7.2.B1 |
Ensure that multiplication is performed before division to maintain precision in calculations. |
|
✓ |
✓ |
|
| S7.2.B2 |
Ensure that the request confirmation number is high enough to mitigate risks associated with chain re-orgs. |
|
✓ |
✓ |
|
| S7.2.B3 |
Verify that off-by-one errors are avoided in loops and iterations, ensuring correct handling of list lengths and indexing. |
|
✓ |
✓ |
|
| S7.2.B4 |
Verify that unsigned integers are not used to represent negative values, as this can lead to erroneous behavior. |
|
✓ |
✓ |
|
| S7.2.B5 |
Verify that calculations with multiple terms handle all possible edge cases for min/max values to avoid errors. |
|
✓ |
✓ |
|