Solidity – Mitigating SafeMath Dangers in Percentage Calculations in Smart Contracts

safemathsolidity

I'm making a fund manager using solidity and I'd like to calculate the percentage, however I'm wonder whether the use of safeMath is actually incorrect.

using SafeMath for uint256;
uint256 percent = 5
function managePayment(uint256 payment)
    amountToSplit = payment.mul(percent).div(100);
}

In this case, I'm limiting myself to 1/5 of the max supply otherwise multiply will throw when calculating the percent, is there a better approach to doing this, (Granted I could avoid using safe math, if I validate the percentage is less than 100) However, I'd like to avoid this approach

Best Answer

Since solidity 0.8 you dont' need safe math for that. The compiler will inject checking sequences to automatically throw if overflow occurs. (This problem was removed since OP is aware of that)

Update: According to the comment, looks like OP wants to calculate multiplying with the result larger than uint256 and then the division will take back the intermediate result down to uint256. The safeMath library or overflow prevention are not designed for that. You need to implement or use some library that can represent higher bitwidth (e.g. uint512). After searching for a while I think Openzeppellin already have similar library for you, look at function mulDiv(uint256 x, uint256 y, uint256 denominator) source code. Hence the code below will be safe to use:

pragma solidity ^0.8.0;
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/math/Math.sol";
contract Test {
  uint256 percent = 10;
  function managePayment(uint256 payment) public view returns(uint256){
      return  Math.mulDiv(payment, percent, 100);
  }
}

Input: 2**255 = 57896044618658097711785492504343953926634992332820282019728792003956564819968

Output: 2**255/10 = 5789604461865809771178549250434395392663499233282028201972879200395656481996

You can also choose rounding direction : Math.mulDiv(payment, percent, 100, Math.Rounding.Up);

Output: 2**255/10 = 5789604461865809771178549250434395392663499233282028201972879200395656481997

Related Solutions

Solidity Percent Change – Calculating Percent Change in Solidity Contracts

In Solidity var is determining the type at first assignment and takes whatever fits. Read the warning here. Therefore your code translates into:

uint16 startValue = 1000;
uint16 endValue = 800;

Then, your calculation overflows as it translates into:

(100*800 % (2**16)) / 1000 = 14

and

(1000*800 % (2**16))/1000 = 13

Beware of var and assign it a type that you know will be fine at runtime! Also, use the SafeMath library whenever you need something decently secure+safe.

Solidity Compilation Error – Using SafeMath with OpenZeppelin Contracts

The reason you are getting that error is because num is of type uint8, and the sub() function of SafeMath is looking for type uint256. Additionally you declare using SafeMath for uint;, which confirms that it only works with uint256 (as uint is an alias for uint256).

There are two ways to fix it:

1) Make num a uint256 type. Your code would look as follows:

pragma solidity ^0.5.1;
library SafeMath {
  function sub(uint256 a, uint256 b) internal pure returns (uint256) {
    assert(b <= a);
    return a - b;
  }
}

contract Underflow1 {
using SafeMath for uint;
    uint256 num= 0;
    function testf2() public returns (uint256){
    //val--;    
    num = num.sub(1);
    return num;
    }
}

2) (Not preferred) Allow SafeMath to handle type uint8. Your code would look as follows:

pragma solidity ^0.5.1;
library SafeMath {
  function sub(uint8 a, uint8 b) internal pure returns (uint8) {
    assert(b <= a);
    return a - b;
  }
}

contract Underflow1 {
using SafeMath for uint8;
    uint8 num= 0;
    function testf2() public returns (uint8){
    //val--;    
    num = num.sub(1);
    return num;
    }
}

Best Answer

Related Solutions

Solidity Percent Change – Calculating Percent Change in Solidity Contracts

Solidity Compilation Error – Using SafeMath with OpenZeppelin Contracts

Related Topic