# Open Discussion: SafeMath by Default

*These are collaborative notes from the open discussion round about "SafeMath by Default" at the [Solidity Summit 2020](https://solidity-summit.ethereum.org/).*

Slides: https://chriseth.github.io/notes/talks/solidity_summit_2020/safeMath_by_default/

Issue: https://github.com/ethereum/solidity/issues/8467

## Have or not have at all?

Pros:
- Having it in the language means immediate updates. No need to wait for frameworks like `OpenZeppelin`.
- Lots of people use it anyway.

Cons:
- Introduces new semantics for the existing syntax.
- Having to use `SafeMath` makes people aware that overflows are possible.

mrchico: maybe use different type? (ekpyron: relates to the idea of general number range types https://github.com/ethereum/solidity/issues/2918)

Sean Young: Proposal - have `.add()` be unchecked and `+` be checked. `unchecked` regions are not very granular.

Miguel: Developers should be able to decide if they want to use built-in safe math or not.

chriseth: Doing it as a compiler flag could silently break the code depending on whether it's used or not. A pragma would be better.

## "invalid" or "revert"?

compiler-generated revert error message would not be useful to users, because it is just a generic "overflow" message

## Granularity of "unchecked" regions?

There seems to be interest in mixing checked and unchecked arithmetic within the same statement.

Random syntax suggestions for inline expressions:
- Safe versions: `+ - * / ^` Unsafe versions: `⊕ ⊖ ⊗ ⊘` ? (but concerns are raised against non-ascii source constructs)
- Safe versions: `+ - * / ^` Unsafe versions: `(+) (-) (*) (/) (^)`
- `+u -u *u /u ^u`
- `unchecked{x + y} * z` (but then we also need "checked{}", right?)
- `unchecked(x + y) * z`

## What about out-of-bounds values prior to arithmetics (e.g. through inline assembly)?

## Opt-in or opt-out

On gitter preference seems to be somewhat balanced between the two.
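
The granularity question from the "unchecked" regions section, as an added example that is not part of the original notes: a Python model of 256-bit unsigned arithmetic comparing a region that covers the whole statement with the expression-level `unchecked(x + y) * z` suggestion. The function names, the `Revert` exception and the sample operands are constructed for illustration and are not Solidity or compiler code.

```python
# Added illustration: models uint256 semantics in Python; all names are hypothetical.
MODULUS = 1 << 256
UINT_MAX = MODULUS - 1


class Revert(Exception):
    """Models the failure a checked operator raises on overflow."""


def add(a, b, checked=True):
    # Checked: fail when the true sum leaves the uint256 range.
    # Unchecked: wrap modulo 2**256.
    result = a + b
    if checked and result > UINT_MAX:
        raise Revert("overflow in +")
    return result % MODULUS


def mul(a, b, checked=True):
    result = a * b
    if checked and result > UINT_MAX:
        raise Revert("overflow in *")
    return result % MODULUS


def statement_level(x, y, z):
    """Region covers the whole statement: both + and * wrap."""
    return mul(add(x, y, checked=False), z, checked=False)


def expression_level(x, y, z):
    """Models unchecked(x + y) * z: only + wraps, * stays checked."""
    return mul(add(x, y, checked=False), z, checked=True)


if __name__ == "__main__":
    # Constructed operands: the sum wraps to 2**255, so doubling it overflows.
    x, y, z = UINT_MAX, 2**255 + 1, 2
    print("statement-level result:", statement_level(x, y, z))
    try:
        expression_level(x, y, z)
    except Revert as err:
        print("expression-level result: revert,", err)
```

With these operands the intended wrap in `x + y` is identical in both forms, but the coarse region also hides the overflow in `* z` and returns 0 where the expression-level form fails.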