Lesson 5: How to Secure Your Smart Contracts (Part 2)
Ethereum Development 101: Lesson 5: Securing your smart contracts against arithmetic overflows and underflows
Prerequisite: This article is part of Ethereum Development 101, a course designed to teach the basic concepts of developing, testing and deploying smart contracts on the Ethereum network.
Learning aims: By the end of this lesson, you should be able to understand arithmetic overflow and underflow vulnerabilities in Solidity smart contracts. You should be able to write code that guards against them.
What Are They?
To understand arithmetic over- and underflows, we must first understand the data types in which they appear.
Ethereum Virtual Machine (EVM) integers are always of a fixed size. For example, unit8 can only store values between (and including) 0 and 255. Trying to store the value 256 in a uint8 variable will result in a value of 0. This is ripe for exploitation if no checks are made before execution.
Underflows
An underflow can appear when a value is subtracted from an integer, where the current value of that integer is less than the value being subtracted. For example:
