Math contract #55

Closed
mariopil opened this issue Sep 4, 2023 · 6 comments

@mariopil
Member

mariopil commented Sep 4, 2023

This research should answer the question of whether a specific contract (or contracts) implementing the math functionality (similar to the OpenZeppelin one) would be needed. Currently, Rust already supports a lot of math functions, e.g. this non-std lib: https://crates.io/crates/libm

@mariopil mariopil self-assigned this Sep 4, 2023
@mariopil
Member Author

mariopil commented Sep 4, 2023

I've searched for math & cryptographic crates that don't require std lib. Here are some of the more interesting libraries:

  • libm - a lot of math functions but only for floating numbers
  • num_traits - numeric traits for generic mathematics; also includes Checked versions of operations that return None in case of under/overflow. Can be used together with libm for floating numbers
  • ring - set of cryptography primitives (AEAD, ECDH, SHA-2/1, HMAC)
  • elliptic_curve - general purpose ECC support
  • sec1 - Rust implementation of SEC1 ECC encoding formats
  • signature - contains traits providing generic APIs for generating digital signatures (used by dsa, ecdsa, ed25519 and rsa)
  • miden-crypto - cryptographic primitives used in Polygon Miden; also contains a set of data structures related to Merkle trees

Those crates should cover everything OpenZeppelin implements in its Math & Cryptography modules. Therefore I think math-specific contracts are not required.

@eloylp
Member

eloylp commented Sep 5, 2023

It would be interesting to check how many of those work in the Soroban runtime 🤔

I would probably defer the decision on this for the moment and wait for the need for them, as we are going to build an entire catalog of contracts. wdyt?

@geofmureithi
Contributor

geofmureithi commented Sep 6, 2023

We may need to think more about unchecked math.
From

> When you’re compiling in release mode with the --release flag, Rust does not include checks for integer overflow that cause panics. Instead, if overflow occurs, Rust performs two’s complement wrapping.

Is this the behavior we want?

@eloylp
Member

eloylp commented Sep 6, 2023

> We may need to think more about unchecked math. From
>
> > When you’re compiling in release mode with the --release flag, Rust does not include checks for integer overflow that cause panics. Instead, if overflow occurs, Rust performs two’s complement wrapping.
>
> Is this the behavior we want?

I would say that yes. By reading the docs I understand that if we are careful and use the checked_* methods we will be safe even with --release:

> To explicitly handle the possibility of overflow, you can use these families of methods provided by the standard library for primitive numeric types:
>
>   • Wrap in all modes with the wrapping_* methods, such as wrapping_add.
>   • Return the None value if there is overflow with the checked_* methods.
>   • Return the value and a boolean indicating whether there was overflow with the overflowing_* methods.
>   • Saturate at the value’s minimum or maximum values with the saturating_* methods.
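
The four method families quoted above, applied to a balance update near `u64::MAX`, as an added example that is not part of the original thread or the project's code. `MathError`, the function names and the sample values are hypothetical; `wrapping_add` stands in for what a plain `+` does in a `--release` build with overflow checks off.

```rust
// Added example with constructed values; MathError and all function names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum MathError {
    Overflow,
    Underflow,
}

/// Same result as plain `balance + amount` in a `--release` build with
/// overflow checks off: two's complement wrapping, in every build profile.
pub fn credit_wrapping(balance: u64, amount: u64) -> u64 {
    balance.wrapping_add(amount)
}

/// checked_*: overflow becomes an error the caller has to handle.
pub fn credit_checked(balance: u64, amount: u64) -> Result<u64, MathError> {
    balance.checked_add(amount).ok_or(MathError::Overflow)
}

/// overflowing_*: the wrapped value plus a flag saying whether it wrapped.
pub fn credit_flagged(balance: u64, amount: u64) -> (u64, bool) {
    balance.overflowing_add(amount)
}

/// saturating_*: clamp at u64::MAX instead of wrapping.
pub fn credit_saturating(balance: u64, amount: u64) -> u64 {
    balance.saturating_add(amount)
}

/// Both legs of a transfer are validated before either new balance is returned,
/// so a failure leaves the caller with nothing to write back.
pub fn transfer(from: u64, to: u64, amount: u64) -> Result<(u64, u64), MathError> {
    let new_from = from.checked_sub(amount).ok_or(MathError::Underflow)?;
    let new_to = to.checked_add(amount).ok_or(MathError::Overflow)?;
    Ok((new_from, new_to))
}

fn main() {
    let near_max = u64::MAX - 5; // constructed balance close to the type's limit
    println!("wrapping:   {}", credit_wrapping(near_max, 10));
    println!("checked:    {:?}", credit_checked(near_max, 10));
    println!("flagged:    {:?}", credit_flagged(near_max, 10));
    println!("saturating: {}", credit_saturating(near_max, 10));
    println!("transfer:   {:?}", transfer(3, 0, 5));
}
```

Only the `checked_*` variants turn the overflow into a value the contract can reject; the wrapping result silently replaces a near-maximum balance with a small one.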

@mariopil
Member Author

mariopil commented Sep 6, 2023

> To explicitly handle the possibility of overflow, you can use these families of methods provided by the standard library

Wouldn't rather work in our case? There is also this num_traits crate which can handle over/underflows

@mariopil mariopil added this to the Milestone 1 milestone Sep 7, 2023
@geofmureithi
Contributor

Can we close this issue?
