Ethernaut Lvl 5 Token Walkthrough: How to abuse arithmetic underflows and overflows

This is a in-depth series around Zeppelin team’s smart contract security puzzles. I’ll give you the direct resources and key concepts you’ll need to solve the puzzles 100% on your own.

Nicole Zhu
Aug 22, 2018 · 2 min read

This levels requires you to grow your contract’s 20 tokens to even more tokens.


Integer Overflow and Underflows

Like C and C++, Solidity is a lower level coding language that doesn’t have failsafes for handling storage limitations. This is different than what Ruby and Python developers might be used to.

Ethereum’s smart contract storage slot are each 256 bits, or 32 bytes. Solidity supports both signed integers, and unsigned integers uint of up to 256 bits.

This means your arithmetic operations are prone to underflow and overflow errors, when your numbers flow under or over the allocated bits of storage.

Note: The largest possible uint256 is equal to 115792089237316195423570985008687907853269984665640564039457584007913129639935- hopefully sufficient to represent what you need

Here’s a visualization of the code snippet above:

This makes contracts that handle arithmetic operators on their own vulnerable. In general, we inherit math operators from the safemath.sol library.


Detailed Walkthrough

  1. Notice Telephone.sol’s changeOwner function checks if (tx.origin != msg.sender). Seems like we can successfully trigger this function with scenario 3:

2. Create a phone contract, Telephony to pose as Contract A. Instantiate Contract B, your Telephone.sol, inside Telephony:

3. Create a changeOwner function inside Telephony that calls the changeOwner function in Telephone, i.e. play the game of Telephone.

4. Notice await contract.owner() in console now indicate your user wallet is the owner!


Coinmonks

Coinmonks is a non-profit Crypto educational publication.

Nicole Zhu

Written by

Engineer @ParityTech | I write about cryptography and code | Tweet @nczhu

Coinmonks

Coinmonks

Coinmonks is a non-profit Crypto educational publication. Follow us on Twitter @coinmonks Our other project — https://coincodecap.com

Nicole Zhu

Written by

Engineer @ParityTech | I write about cryptography and code | Tweet @nczhu

Coinmonks

Coinmonks

Coinmonks is a non-profit Crypto educational publication. Follow us on Twitter @coinmonks Our other project — https://coincodecap.com

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store