False positive for uses a weak PRNG in ds-math

[krasi-georgiev]

Here is the code in question
https://github.com/dapphub/ds-math/blob/784079b72c4d782b022b3e893a7c5659aa35971a/src/math.sol#L73-L84

Running slither against this returns:

INFO:Detectors:
DSMath.rpow(uint256,uint256) (contracts/Main_merged.sol#5888-5898) uses a weak PRNG: "n % 2 != 0 (contracts/Main_merged.sol#5889)" 
DSMath.rpow(uint256,uint256) (contracts/Main_merged.sol#5888-5898) uses a weak PRNG: "n % 2 != 0 (contracts/Main_merged.sol#5894)" 
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#weak-PRNG

Which look like a false positive as there is no block.timestamp or block.hash used anywhere in the code.

[montyly]

Hi @krasi-georgiev. Thank you for reporting this.

Could you share the codebase where this result was found? I think it is either:

• The output that is not explicit enough (ex: block.timestamp is used as a parameter of rpow somewhere, but the detector shows only rpow and not the caller)
• A false positive

[krasi-georgiev]

Thanks for the update. I have already provided the link in the first comment
dapphub/ds-math@784079b/src/math.sol#L73-L84