Maybe we could introduce a set of Events for this particular cases, like standard event in system, Underflow(String) and Overflow(String) with String being the name of the value ?

First, you most likely don't want to use String, since we strive to avoid it in the runtime logic.
Second, what use-cases do you see for this?

The idea is that it is better to be aware that a saturated overflow or underflow happens than it being silent

(I'm not sure about how much it is relevant)

if overflow/underflow happens, then it's a fundamental logic error/state corruption and governance or a hard fork is needed to fix it. it'll be obvious if it happens.

Because contracts executed can't increase issuance isn't it ?

Practically, yes, this shouldn't be able to overflow because:

1. we decrease the total issuance when we buy gas
2. because gas is only spent, the total issuance is increased by lower amount than it was decreased.
3. there are no* code executed between pt.1 and pt.2 beyond the contract module and it doesn't do any transfers.

(* with subtle caveat that the contract module can call callbacks such as T::DetermineContractAddress which theoretically could violate this, but we don't care about this cases and most likely will put a warning somewhere in the docs that this is not recommended since it can violate some assumptions here)

contracts module will need moving to the new model.

There is T::OnNewAccount, this here also be T::OnReapAccount as well?

You mostly care about the Free part of an account being destroyed (T::OnFreeBalanceZero). I don't mind adding a hook if you can come up with a use case.

OK I was wrong for this method:
the doc said: NOTE: This assumes that the total stake remains unchanged after this operation
because when I decoupled treasury it was not increase stake

But finally it seems what I thought as intentionnal was a bug.
So this method shouldn't exist anymore and be renamed to reward_creating. (or reward_create_account as suggested by @joepetrowski )

Also this confirm the point of @shawntabrizi as TotalIssuance, ReservedBalance and FreeBalance are dependent storages, we could make ourself safer even by providing method that will operate them on them coherently. We can also provides bypass method for some optimisation (but most of usages can use safe abstraction actually as we almost always call modification of total issuance and then modification of free balance) and we can even name those bypass method with a unguaranted_ or other very warnant prefix.

This would make reviewing easier

hmm safe operator could be implemented in another PR obviously but renaming of increase_free_balance_creating to reward_create_account seems relevant to me

They are not dependent storages. Total issuance includes balances outside of the basic AccountId mapping such as that in parachains.

In any case, this is outside the scope of this PR.

I don't understand how it could be useful, could you instance another implementation ?

Yes. You might want to put it in the treasury, for example.

What is keyring needed for?

This grumble is unaddressed

I think this doesn't matter since this one is being superseded by #2048

I've used AnySigner in #2033, I think it's a bit more explicit, can later work on merging this.

Could be:

if let Some(remaining_slash) = value.checked_sub(free_slash) {
 ...
}

this is about to be rewritten in an upcoming PR anyway so will leave it until then

Don't we have saturating_sub?

yeah, i would prefer to address these minor things in the next PR though since merging will be a time drain.

The entire if-else expression could be just remaining_slash.checked_sub(reserved_slash)

it's about to be rewitten :)

Why is it not possible to go below existential_deposit? We don't want the account to be killed by paying fees?

Correct.

We assume that the account exists at the point of dispatch.

Shouldn't the comment be just expect proof?

nothing should ever panic in the runtime. better to fail and allow a chain to be rescued through governance in subsequent blocks than brick it completely.

docs?