Panic-Free
Fixed-Point Arithmetic
for Solana sBPF
fermat-math is a 128-bit fixed-point decimal library that eliminates overflow bugs, enforces explicit rounding, and compiles to bare-metal sBPF with zero dependencies. Built for DeFi protocols where math errors cost millions.
Get started in seconds
Published on crates.io. Add to your project with a single command.
# Core library (no_std, zero deps)
cargo add fermat-core
# Solana/Anchor integration (optional)
cargo add fermat-solana[dependencies]
fermat-core = "0.1"
fermat-solana = "0.1" # optionalEvery edge case, handled
Built from first principles for consensus-critical DeFi arithmetic. No shortcuts, no hidden panics.
Panic-Free by Design
Every arithmetic operation returns a Result<T, ArithmeticError>. No .unwrap(), no implicit panics. Your validator node never crashes from bad on-chain math.
no_std Compatible
fermat-core has zero external dependencies and compiles to bare-metal sBPF. No alloc, no std — just pure integer arithmetic that fits the Solana runtime.
256-Bit Intermediate (U256)
checked_mul_div uses a 256-bit intermediate product — no unsafe, no external bignum crate. Prevents the silent i128 overflow that caused the Balancer/Mango incidents.
7 Rounding Modes
All IEEE 754-2008 modes: Down, Up, TowardZero, AwayFromZero, HalfUp, HalfDown, HalfEven. Every rounding operation requires an explicit RoundingMode argument — no silent precision loss.
17 Bytes On-Chain
Compact Borsh encoding: 16-byte LE i128 mantissa + 1-byte u8 scale. DecimalBorsh validates scale ≤ 28 on deserialization, blocking adversarial account injection attacks.
228 Tests
Comprehensive unit tests, property-based tests via proptest, and bit-for-bit determinism checks. Includes SPL token conversion tests and adversarial Borsh fuzzing.
The Solana DeFi stack needs better math
Silent overflows and unchecked rounding have caused hundreds of millions in DeFi losses. fermat-math closes these gaps at the library level.
Write DeFi math that can't panic
The health-factor check is the most security-critical computation in any lending protocol. With fermat-math, every multiplication uses a U256 intermediate and every rounding is explicit.
checked_mul_div prevents i128 overflow on large collateral positions
HalfEven banker's rounding eliminates statistical bias across many operations
Result propagation — the ? operator means no hidden panics
// fermat-core: 128-bit fixed-point for Solana sBPF
use fermat_core::{Decimal, RoundingMode};
// Build a health-factor check — the DeFi-critical operation
pub fn is_solvent(
collateral_usd: Decimal,
threshold: Decimal,
total_debt_usd: Decimal,
) -> Result<bool, ArithmeticError> {
// U256 intermediate prevents i128 overflow on large positions
let adjusted = collateral_usd.checked_mul_div(
threshold,
total_debt_usd,
)?;
// Explicit rounding mode — no silent precision loss
let health = adjusted.round(6, RoundingMode::HalfEven)?;
Ok(health >= Decimal::ONE)
}Cargo.toml
[dependencies]
fermat-core = "0.1"
fermat-solana = "0.1" # optionalTwo crates, clear separation
The core library has zero dependencies. Solana integration is opt-in. Use only what you need.
fermat-core
decimalDecimal struct, ZERO, ONE, MAX, MIN constantsarithmeticchecked_add/sub/mul/div, checked_mul_div (U256)rounding7 IEEE 754-2008 modesconvertfrom_u64/i64/u128, from_str_exact, to_token_amountcompareOrd/PartialOrd with scale normalisationerrorArithmeticError: Overflow, DivisionByZero, ScaleExceededfermat-solana
borsh_implDecimalBorsh — 17-byte on-chain encoding, scale validationtokentoken_amount_to_decimal, decimal_to_token_amount, align_to_mintaccountDECIMAL_SPACE = 17, DecimalBorsh::zero_with_scale for init10 threat vectors, 10 mitigations
Every known arithmetic attack vector in Solana DeFi is documented and mitigated. The audit trail is baked into the source.
Stop gambling on unchecked math
The Balancer and Mango exploits could have been prevented with overflow-safe arithmetic. fermat-math makes the correct path the easy path.