Potential overflow in FHE.sub for large euint64 inputs in ConfidentialERC20 transfer #897

@JerryX-collab

Describe the issue

Summary

While exploring the FHEVM examples, I noticed a potential overflow/underflow risk in the transfer function of ConfidentialERC20. When using FHE.sub on euint64 balances with large inputs (e.g., balance = 2^63, amount = 2^64-1), despite the select check, the subtraction may underflow or behave unexpectedly in FHE operations.

Steps to Reproduce

  1. Clone the fhevm repo and navigate to examples/solidity/token.
  2. Deploy ConfidentialERC20 on a local Hardhat node.
  3. Mint a large balance to an account (e.g., 2^63).
  4. Attempt a transfer of amount > balance (e.g., 2^64-1).
  5. Check balanceOf sender – expected 0, but FHE.sub may revert or return unexpected encrypted value.

Expected Behavior

Transfer should revert with "Insufficient balance" or handle underflow safely.

Actual Behavior

Revert with underflow error, as FHE.sub does not fully prevent edge cases in encrypted operations.

Suggestion

Add explicit overflow check in FHE.sub or use FHE.safeSub if available. This could prevent edge cases in confidential tokens.

Environment

  • FHEVM: v0.8.0 (from repo)
  • Solidity: 0.8.26
  • Hardhat: 3.0.6
  • Node.js: v22.20.0

Thanks for the amazing project! Happy to discuss or test further. (ariel841005)

Context

No response

Steps to Reproduce or Propose

No response
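
A plaintext model of a select-guarded transfer, run on the values from the issue above (an added example, not code from the fhevm repository or from the issue author). It assumes that subtraction and addition on euint64 wrap modulo 2^64 and that the select check has the form le + select; BigInt values stand in for ciphertexts, and every function name here is hypothetical.

```javascript
// Plaintext model, constructed for illustration: BigInt values stand in for
// euint64 ciphertexts. ASSUMPTIONS: add/sub wrap modulo 2^64 (no revert) and
// the transfer guards the amount with a le + select pair.
const MOD = 1n << 64n;
const wrap = (x) => ((x % MOD) + MOD) % MOD;

const le = (a, b) => a <= b;                   // models an encrypted comparison
const select = (cond, a, b) => (cond ? a : b); // models an encrypted mux
const add = (a, b) => wrap(a + b);
const sub = (a, b) => wrap(a - b);

// Guarded transfer: the amount is replaced by 0 when it exceeds the balance,
// so the subtraction never sees amount > balance.
function guardedTransfer(balances, from, to, amount) {
  const canTransfer = le(amount, balances[from]);
  const value = select(canTransfer, amount, 0n);
  const next = { ...balances };
  next[to] = add(next[to], value);
  next[from] = sub(next[from], value);
  return next;
}

// Same transfer without the guard, to show what a wrapped result looks like.
function unguardedTransfer(balances, from, to, amount) {
  const next = { ...balances };
  next[to] = add(next[to], amount);
  next[from] = sub(next[from], amount);
  return next;
}

// Values from the issue: balance = 2^63, amount = 2^64 - 1.
function issueCase() {
  const start = { sender: 1n << 63n, recipient: 0n };
  const amount = MOD - 1n;
  return {
    guarded: guardedTransfer(start, "sender", "recipient", amount),
    unguarded: unguardedTransfer(start, "sender", "recipient", amount),
  };
}

const result = issueCase();
console.log("guarded  :", result.guarded);
console.log("unguarded:", result.unguarded);
```

Under these assumptions the guarded path leaves both balances unchanged for the issue's inputs, while the unguarded path wraps the sender to 2^63 + 1; decrypted balances from a local reproduction can be compared against these values.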
