Integer Overflow and Underflow Vulnerability

An Integer Overflow occurs when we attempt to store a value larger than the maximum allowed for an integer data type. Similarly, an Integer Underflow happens when we try to store a value smaller than the minimum allowed for that data type. These overflows and underflows can be detected either mathematically or programmatically.

The Ethereum Virtual Machine (EVM) defines fixed-size data types for integers, meaning the range of values that an integer variable can hold is limited. For example, a uint8 (an unsigned 8-bit integer) can only store numbers between 0 and 255. Trying to store a value greater than 255 in a uint8 will result in an overflow. Similarly, subtracting 1 from 0 will result in the value 255. This phenomenon is called underflow. Whenever an arithmetic operation exceeds the maximum or falls below the minimum size of a data type, overflow or underflow occurs.

For signed integers, the result is slightly different. If we try to subtract 1 from an int8 with a value of -128, the result will be 127. This happens because signed types, which can represent negative values, wrap around after reaching their minimum negative value.

Two simple examples of this behavior include:

  • Periodic mathematical functions (adding 2π to the argument of a sine function leaves the result unchanged).

  • Car odometers, which reset to zero after reaching their maximum reading (for example, from 999999 back to 000000).

Important Note:

In Solidity version 0.8.0 and above, the compiler automatically performs overflow and underflow checks for arithmetic operations. If an overflow or underflow occurs, the transaction will revert.

Solidity 0.8.0 also introduced the unchecked keyword, which allows developers to bypass these automatic checks when needed. This can be useful for gas optimization in scenarios where overflow is not problematic or wraparound behavior is desired, similar to how arithmetic worked in earlier versions of Solidity.

What is the impact of Integer Overflow and Underflow?

  1. Artificially increasing account or token balances:
    Attackers can exploit these vulnerabilities to artificially inflate balances, enabling them to withdraw more funds than they legitimately own.

  2. Altering the contract’s logic flow:
    Attackers might manipulate the intended logic of the contract, leading to unauthorized actions like asset theft or excessive token generation.

What actions should be taken?

  1. Use Solidity compiler version 0.8.0 or higher:
    The simplest solution is to use Solidity version 0.8.0 or later, as it automatically performs overflow and underflow checks.

  2. Use up-to-date Safe Math libraries:
    For the Ethereum community, OpenZeppelin has done an excellent job in developing and auditing secure libraries. Specifically, the SafeMath library can help prevent overflow and underflow vulnerabilities. It provides functions like add(), sub(), mul(), and more, which automatically revert the transaction in case of overflow or underflow.
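
The wraparound cases and the checked versus unchecked behaviour described above, as an added example that is not code from the original page. The contract name `WrapDemo`, its function names and the starting balance of 100 are hypothetical and constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (hypothetical contract): weak pattern beside the corrected one.
contract WrapDemo {
    mapping(address => uint256) public balances;

    constructor() {
        balances[msg.sender] = 100; // constructed starting balance
    }

    // The uint8 cases from the text (above 255, and 0 minus 1), wrapping as before 0.8.0.
    function wrapUint8() external pure returns (uint8 over, uint8 under) {
        uint8 max = 255;
        uint8 zero = 0;
        unchecked {
            over = max + 1;   // wraps past the uint8 maximum
            under = zero - 1; // wraps below the uint8 minimum
        }
    }

    // The int8 case from the text: subtracting 1 from -128 wraps instead of reverting.
    function wrapInt8() external pure returns (int8 r) {
        int8 min = -128;
        unchecked { r = min - 1; }
    }

    // Weak: inside `unchecked` the subtraction wraps, and a uint256 is never
    // below zero, so this require can never fail and the balance can be inflated.
    function transferUnchecked(address to, uint256 amount) external {
        unchecked {
            require(balances[msg.sender] - amount >= 0, "insufficient balance");
            balances[msg.sender] -= amount;
            balances[to] += amount;
        }
    }

    // Corrected: compare before subtracting; default checked arithmetic is the backstop.
    function transferChecked(address to, uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }
}
```

When reviewing a 0.8.x code base, every `unchecked` block is a place where the compiler's protection is switched off and the operands need a manual bounds argument.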

Our Recommendation:

References:

https://owasp.org/www-project-smart-contract-top-10/2025/en/src/SC08-integer-overflow-underflow.html  

https://swcregistry.io/docs/SWC-101/

@2025 codeauditplus.com Your code, Fortified