Member-only story
How to Secure Your Smart Contracts (Part 2)
Arithmetic overflows and underflows
Prerequisites: A basic understanding of the Ethereum blockchain and smart contracts.
Introduction
This is part 2 of a series on securing your Smart Contracts. Part 1 discussed reentrancy and owner-logic theft attacks.
Here, we’ll go through arithmetic overflows and underflows, a type of logic weakness that can sometimes creep into our code. We’ll describe what they mean, examples of how they might appear, and how to prevent them from appearing in our smart contracts.
What Are They?
To understand arithmetic over- and underflows, we must first understand the data types in which they appear.
Ethereum Virtual Machine (EVM) integers are always of a fixed size. For example, unit8 can only store values between (and including) 0 and 255. Trying to store the value 256 in a uint8 variable will result in a value of 0. This is ripe for exploitation if no checks are made before execution.
Underflows
An underflow can appear when a value is subtracted from an integer, where the current value of that integer is less than the value being subtracted. For example:
