Table of Contents
- 1 Introduction
- 2 What is Overflow and Underflow?
- 3 Why are Overflow and Underflow Vulnerabilities a Problem for Smart Contracts?
- 4 Impact of Overflow and Underflow Attacks
- 5 How can Overflow and Underflow Vulnerabilities be Mitigated in Smart Contracts?
- 6 Examples of Overflow and Underflow Attacks
- 7 Conclusion
Introduction
As the world becomes increasingly digital, smart contracts are quickly gaining popularity as a way to automate the process of executing agreements and transactions. However, like any technology, smart contracts have their own set of vulnerabilities and risks that must be addressed in order to ensure their effectiveness and security.
One such vulnerability that can affect smart contracts is known as overflow and underflow. In this blog post, we will explain what overflow and underflow vulnerabilities are and how they can impact smart contracts.
What is Overflow and Underflow?
To understand overflow and underflow vulnerabilities, it is important to first understand how computers store and manipulate data. In computing, numbers are typically represented in binary form, which means they are expressed as a series of 1s and 0s.
In most computer systems, the size of a number is fixed. For example, a 32-bit integer can store values between -2,147,483,648 and 2,147,483,647. If a calculation results in a number that is outside of this range, an overflow or underflow occurs.
Overflow occurs when a calculation produces a number that is larger than the maximum value that can be stored in the allotted space. For example, if you add 1 to the maximum value of a 32-bit integer, the result will be an overflow, and the number will wrap around to the minimum value of the integer.
Underflow, on the other hand, occurs when a calculation produces a number that is smaller than the minimum value that can be stored in the allotted space. For example, if you subtract 1 from the minimum value of a 32-bit integer, the result will be an underflow, and the number will wrap around to the maximum value of the integer.
Why are Overflow and Underflow Vulnerabilities a Problem for Smart Contracts?
Overflow and underflow vulnerabilities can pose a significant problem for smart contracts, as these vulnerabilities can be exploited by attackers to manipulate the execution of the contract.
For example, consider a smart contract that calculates interest on a loan based on a fixed interest rate. If an attacker is able to trigger an overflow by providing an extremely large loan amount, the contract may calculate interest based on an incorrect value, potentially resulting in a loss for the lender.
Similarly, an attacker may be able to trigger an underflow by providing a negative loan amount, which could cause the contract to execute in unexpected ways.
Impact of Overflow and Underflow Attacks
Underflow errors are more likely to occur than overflows, and the outcome can be disastrous.
- If a contract does not check for underflow and overflow, an attacker can get more tokens than they own. They can also get a maxed-out balance, which is essentially stealing.
- These errors can cause the whole system to break, because a maxed-out balance no longer matches the number of tokens actually in the system.
How can Overflow and Underflow Vulnerabilities be Mitigated in Smart Contracts?
To mitigate the risk of overflow and underflow vulnerabilities in smart contracts, developers can take a number of steps. Below are some of the ways to mitigate overflow and underflow attacks:
- SafeMath library: To prevent an integer overflow or underflow attack, developers should use safe math libraries or appropriate types that provide overflow detection. SafeMath provides the basic arithmetic operations and checks their preconditions and postconditions to determine whether an overflow has occurred. In case of an error, the library fails the transaction and reverts it.
- Compiler Version: The attack can be prevented by compiling smart contracts with a newer version of the compiler, Solidity >= 0.8. With these versions, the preventive checks that external libraries like SafeMath provide are embedded in the compiled code.
- Use modifier ‘onlyOwner’: Additionally, developers can incorporate checks in their code to ensure that values never exceed their expected range, or use modifiers such as ‘onlyOwner’ for extra security.
- Regularly update code: Finally, it is also important to keep the code regularly updated to avoid any potential vulnerabilities.
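The first two mitigations side by side, as an added example that is not code from the original post or from any project it names. It assumes a hypothetical token ledger; the contract and function names are illustrative only.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: TokenLedger and its function names are hypothetical.
contract TokenLedger {
    mapping(address => uint256) public balances;
    uint256 public totalSupply;

    constructor(uint256 initialSupply) {
        balances[msg.sender] = initialSupply;
        totalSupply = initialSupply;
    }

    // Legacy (pre-0.8) behaviour, reproduced with `unchecked`: arithmetic wraps.
    // A caller holding 0 tokens who sends 1 ends up with 2**256 - 1, so the
    // sum of all balances no longer matches totalSupply.
    function transferWrapping(address to, uint256 amount) external {
        unchecked {
            balances[msg.sender] -= amount; // underflow wraps silently
            balances[to] += amount;         // overflow would wrap as well
        }
    }

    // SafeMath-style subtraction: check the precondition, then subtract.
    function safeSub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a, "subtraction underflow");
        unchecked { return a - b; }
    }

    // SafeMath-style addition: add, then check the postcondition.
    function safeAdd(uint256 a, uint256 b) internal pure returns (uint256 c) {
        unchecked { c = a + b; }
        require(c >= a, "addition overflow");
    }

    // Library approach: a failed check reverts the whole transaction.
    function transferSafeMath(address to, uint256 amount) external {
        balances[msg.sender] = safeSub(balances[msg.sender], amount);
        balances[to] = safeAdd(balances[to], amount);
    }

    // Compiler approach (Solidity >= 0.8): the same checks are emitted by
    // default, and a failure reverts with Panic(0x11).
    function transferChecked(address to, uint256 amount) external {
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }
}
```

Code inside an `unchecked` block opts out of the compiler's checks even on Solidity >= 0.8, so such blocks need the same review that pre-0.8 arithmetic did.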
Examples of Overflow and Underflow Attacks
- The mintToken function of the smart contract implementation of Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the smart contract to set the balance of any random user to any random value.
- Proof of Weak Hands Coin (PoWHC) is a Ponzi scheme on Ethereum written in Solidity by the 4chan group. The authors of the smart contract had not accounted for the underflow or overflow condition, and thus 866 ethers were liberated from the contract.
- The BeautyChain contract is one example where the attacker used the behavior of integer overflow to overcome some security checks and stole a huge amount of BEC tokens.
Conclusion
Overflow and underflow vulnerabilities are common issues in computing, and they can pose a significant risk to the security and effectiveness of smart contracts.
To mitigate these risks, developers should use data types that can handle larger numbers, implement input validation, and use specialized tools and frameworks to detect and prevent vulnerabilities in their code.
By taking these steps, developers can help ensure that smart contracts are secure, reliable, and effective in achieving their intended purposes.