Smart Contract / Integer Overflow and Underflow
Description
Integer overflow/underflow is a software vulnerability in which an arithmetic result exceeds the maximum or minimum value that its integer storage type can hold, so the stored value wraps around and produces unexpected, potentially dangerous results. It is classified as CWE-190 in the Common Weakness Enumeration (CWE) and is covered in the OWASP Testing Guide. Integer overflow/underflow vulnerabilities are particularly dangerous in smart contract code, where they lead to unexpected results when the contract is executed on the Ethereum Virtual Machine (EVM). Specifically, the vulnerability is catalogued for the Solidity programming language in the SWC registry and occurs when an integer is used to represent a memory address.
Risk
Integer overflow/underflow vulnerabilities can have severe security implications for smart contracts because of the lack of standard input validation. The vulnerability can lead to unintended results, such as the execution of unintended code or a denial-of-service attack. In the worst case, an attacker could exploit it to gain control of the underlying Ethereum network and its associated funds. The risk posed by integer overflow/underflow vulnerabilities should therefore not be underestimated.
Solution
The most effective solution for integer overflow/underflow vulnerabilities is to use a language-agnostic input-validation library. Every value received from the user or from an external source should be passed through this library before the smart contract uses it. In addition, developers should limit the range of inputs the contract accepts, so that every value lies within the expected range.
Example
The following example code shows an integer overflow/underflow vulnerability in Solidity code.
// Compiled with a pre-0.8 compiler, where arithmetic wraps silently on overflow
pragma solidity ^0.7.0;

contract ExampleContract {
    uint256 x;

    function exampleFunction(uint256 y) public {
        x = y + 100; // wraps around when y is close to the uint256 maximum
    }
}
In this example, the value of x can be set to a value larger than the maximum its data type can hold: when y is close to the uint256 maximum, y + 100 wraps around, an integer overflow that could have unexpected consequences.
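As an added illustration (not code from the original page), the page's contract beside a hardened version: the unchecked block reproduces the silent wrap-around described above, while CheckedExample applies the input range limit recommended in the Solution section on top of the checked arithmetic that Solidity 0.8 and later performs by default. The MAX_INPUT bound and the InputOutOfRange error are assumed names, not part of the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not from the original page. With a 0.8+ compiler, plain
// arithmetic reverts on overflow/underflow; the `unchecked` block below
// re-enables the silent wrap-around the page describes, for comparison.
contract WrappingExample {
    uint256 public x;

    // Same arithmetic as the page's exampleFunction, with wrapping forced on.
    function addWrapping(uint256 y) public {
        unchecked {
            x = y + 100; // y = type(uint256).max yields x = 99, no revert
        }
    }

    // Underflow counterpart: subtracting past zero wraps to a huge value.
    function subWrapping(uint256 y) public {
        unchecked {
            x = y - 100; // y = 0 yields x = 2**256 - 100
        }
    }
}

contract CheckedExample {
    uint256 public x;
    // Assumed application-specific upper bound on caller-supplied input.
    uint256 public constant MAX_INPUT = 1_000_000;

    error InputOutOfRange(uint256 y, uint256 max);

    // Validate the caller-supplied value against the expected range first,
    // then rely on checked arithmetic (reverts with Panic(0x11) on overflow).
    function addChecked(uint256 y) public {
        if (y > MAX_INPUT) revert InputOutOfRange(y, MAX_INPUT);
        x = y + 100;
    }

    // An explicit precondition gives a descriptive error instead of a bare
    // Panic(0x11) from the checked subtraction.
    function subChecked(uint256 y) public {
        if (y < 100 || y > MAX_INPUT) revert InputOutOfRange(y, MAX_INPUT);
        x = y - 100;
    }
}
```

Calling addWrapping(type(uint256).max) stores 99 without any error, whereas addChecked rejects the same input before the addition is ever reached.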