💀Understanding Integer Underflow and Overflow Vulnerabilities

Book an audit with Zokyo

Overview

Integer underflow and overflow are common arithmetic vulnerabilities in Solidity, especially in versions before 0.8.0. These occur when an arithmetic operation reaches a value outside the range that can be represented within the fixed bit-size of the integer type, causing the value to wrap around the range.

Integer Overflow

Integer overflow occurs when the result of an arithmetic operation exceeds the maximum value that the integer type can hold, causing the value to wrap around and start from the minimum representable value. In Solidity, unsigned integers (uint) range from 0 to 22561225612256−12256−1.

Example of Integer Overflow

solidityCopy codepragma solidity ^0.7.0;

contract OverflowExample {
    uint8 public counter = 255;

    function overflow() public {
        counter += 1; // Here the counter overflows
    }
}

In this example, since counter is a uint8, it can hold values from 0 to 255. When we try to increment 255 by 1, it wraps around and becomes 0, an instance of integer overflow.

Integer Underflow

Integer underflow is the opposite, occurring when the result of an operation is less than the minimum value the integer type can hold, causing the value to wrap around and start from the maximum representable value.

Example of Integer Underflow

solidityCopy codepragma solidity ^0.7.0;

contract UnderflowExample {
    uint8 public counter = 0;

    function underflow() public {
        counter -= 1; // Here the counter underflows
    }
}

In this example, decrementing 0 by 1 results in 255 due to underflow since the variable counter is of type uint8.

Vulnerability Implications

  • Asset Misallocation: If such vulnerabilities exist within functions handling asset transfers or balance updates, malicious actors could exploit them to misallocate funds, possibly leading to unauthorized gains.

  • Manipulation: Overflow and underflow can be used to manipulate contract logic, potentially bypassing certain conditions or controls, leading to unexpected behaviors.

Mitigations

In Solidity version 0.8.0 and onwards, automatic checks are integrated into the language, causing transactions to revert when overflow or underflow conditions are met. For contracts deployed using older compiler versions:

  • Use Safe Math Libraries: Libraries like OpenZeppelin’s SafeMath provide functions that safely conduct arithmetic operations, reverting transactions when overflows or underflows are detected.

    solidityCopy codeusing SafeMath for uint256;

uint256 public value;

function increment(uint256 _value) public {
    value = value.add(_value); // Using SafeMath's add function
}

  • Manual Checks: Incorporate manual checks to ensure that variables do not exceed permissible ranges, reverting transactions that do not meet the necessary conditions.

    solidityCopy codefunction increment(uint256 _value) public {
    require(value + _value >= value, "Overflow error");
    value += _value;
}
PreviousPrerequisitesNextConclusion

Last updated