Arithmetic
high severity
Integer Overflow / Underflow
Integer overflow and underflow occur when arithmetic operations exceed the maximum or minimum value of a data type, wrapping around and producing unexpected results.
How It Works
In Solidity versions before 0.8.0, arithmetic operations silently overflow/underflow. An attacker can exploit this to bypass balance checks, mint unlimited tokens, or manipulate protocol logic.
Real-World Examples
BEC Token
2018
$900M
An integer overflow in the batchTransfer function allowed attackers to generate massive amounts of BEC tokens.
PoWHC
2018
$800K
An underflow bug allowed users to withdraw more than their balance from the Proof of Weak Hands contract.
Code Examples
Vulnerable Code
// VULNERABLE: Solidity <0.8.0 without SafeMath
pragma solidity ^0.7.0;
function transfer(address to, uint256 amount) external {
// Underflow: if balance < amount, wraps to huge number
balances[msg.sender] -= amount;
balances[to] += amount; // Overflow possible too
}Secure Code
// FIXED: Solidity >=0.8.0 has built-in overflow checks
pragma solidity ^0.8.0;
function transfer(address to, uint256 amount) external {
// Automatically reverts on overflow/underflow
balances[msg.sender] -= amount;
balances[to] += amount;
}Prevention
- Use Solidity 0.8.0+ which has built-in overflow/underflow checks
- For older versions, use OpenZeppelin's SafeMath library
- Be careful with unchecked blocks in Solidity 0.8+
- Validate all arithmetic inputs at system boundaries
Related Vulnerabilities
Scan Your Contract for Integer Overflow / Underflow
Our AI-powered auditor automatically detects integer overflow / underflow and 20+ other vulnerability types. Get a detailed report in minutes.