Prevent Integer Overflow in Ethereum Smart Contracts

Do you know that most of the hacker attacks for stoling money from smart contracts are based on a type of bug called Integer Overflow? Today we dicuss about this kind of bug and how to simply prevent it.

Let’s get back to the fundermental

So what is Integer Overflow? Basically it is the case you make an integer variable store the value bigger than it limit, for example a 32-bit integer can store value from -2³¹ to 2³¹-1. If you assign a number out of the range to the variable, its value will become something else and what is the value depend on how the integer is presented in the system.

e.g. we have a 8-bit unsigned integer which store value from 0 to 255. Take a look at below snippet:

uint a = 255;
a = a + 1; // Now a = 0

So why a = 0 after we plus 1? Because a ‘s binary presentation is: 11111111 when we plus 1 it is like this:

11111111 + 00000001 = 100000000

The result in binary is 100000000 which has 9 bits, but in the memory where your variable a stored only have 8 bits, which is the last 8 zero-bits. That’s why the variable a become 0

You can see that Integer Overflow is very simple to understand, and it not only happen for plus operator but also other operator as well.

BatchTransfer Overflow

One of the recent attacks on token smart contracts is about an Integer Overflow bug the BatchTransfer function. Luckily this function is not belong to the ERC-20 Standard of token so it only affects a small number of tokens.

Let’s analyze what exactly this bug is and how to simply fix it if you want to implement this function in the future.

BEC Token contract source code bug:
function batchTransfer(address[] _receivers, uint256 _value) public whenNotPaused returns (bool) {
uint cnt = _receivers.length;
uint256 amount = uint256(cnt) * _value;
require(cnt > 0 && cnt <= 20);
require(_value > 0 && balances[msg.sender] >= amount);
balances[msg.sender] = balances[msg.sender].sub(amount);
for (uint i = 0; i < cnt; i++) {
balances[_receivers[i]] = balances[_receivers[i]].add(_value);
Transfer(msg.sender, _receivers[i], _value);
return true;

So the bug comes is at line 257: uint256 amount = unint256(cnt) * _value . Let’s asume we are the hacker and we call this function with params:

_receivers = [0xabc..., 0xdef...] // asume we put 2 addresses here
_value =   57896044618658097711785492504343953926634992332820282019728792003956564819968; // which is 8 * 16 ^ 63

Because of the Integer Overflow, we have amount = _value * 2 = 0 which passes the check balances[msg.sender] >= amount . Finally we could make the token smart contract send a large amount of token into our two addresses even we don’t have any token! We are the hackers now :)

So how to fix this?

Actually we can have simply logic to check for the overflow. We can use the SafeMath library which provide the safe operator functions:

Just add this library into your smart contract and use it like this:

using SafeMath for uint256; // use SafeMath for uint256 variables

Then you need to remember to use the safe operator functions anytime you are not sure about the safety on your math logic. Like this:

uint256 a = 1;
a = a.add(1);

So if you want to use the batchTransfer function above, just need to remember to fix the line 257 like this:

uint256 amount = uint256(cnt).mul(_value);


Keep calm and deploy your smart contract

Deploying your smart contract on blockchain is like releasing hardware, one mistake and there is no way to fix it! So becareful when you decide to deploy something, get your friends, experts and audiences to review it carefully.

At TALO we always aware about this and try to take care as much as we can for the smart contracts and other things before deploying to the network. If you want to know more about us, come and join us at

Some more interesting topics:

How to secure Sensitive data on an Ethereum Smart contract?

List of MultiSig Wallet Smart contracts on Ethereum

Token Honey Pot Scam on Ethereum Network — When hacker scam hacker