# Prevent Integer Overflow in Ethereum Smart Contracts

Do you know that most of the hacker attacks for stoling money from smart contracts are based on a type of bug called Integer Overflow? Today we dicuss about this kind of bug and how to simply prevent it.

### Let’s get back to the fundermental

So what is Integer Overflow? Basically it is the case you make an integer variable store the value bigger than it limit, for example a 32-bit integer can store value from -2³¹ to 2³¹-1. If you assign a number out of the range to the variable, its value will become something else and what is the value depend on how the integer is presented in the system.

e.g. we have a 8-bit unsigned integer which store value from 0 to 255. Take a look at below snippet:

`uint a = 255;a = a + 1; // Now a = 0`

So why a = 0 after we plus 1? Because `a` ‘s binary presentation is: `11111111` when we plus 1 it is like this:

`11111111 + 00000001 = 100000000`

The result in binary is `100000000` which has 9 bits, but in the memory where your variable `a` stored only have 8 bits, which is the last 8 zero-bits. That’s why the variable `a` become `0`

You can see that Integer Overflow is very simple to understand, and it not only happen for plus operator but also other operator as well.

### BatchTransfer Overflow

One of the recent attacks on token smart contracts is about an Integer Overflow bug the BatchTransfer function. Luckily this function is not belong to the ERC-20 Standard of token so it only affects a small number of tokens.

Let’s analyze what exactly this bug is and how to simply fix it if you want to implement this function in the future.

`function batchTransfer(address[] _receivers, uint256 _value) public whenNotPaused returns (bool) {    uint cnt = _receivers.length;    uint256 amount = uint256(cnt) * _value;    require(cnt > 0 && cnt <= 20);    require(_value > 0 && balances[msg.sender] >= amount);    balances[msg.sender] = balances[msg.sender].sub(amount);    for (uint i = 0; i < cnt; i++) {        balances[_receivers[i]] = balances[_receivers[i]].add(_value);        Transfer(msg.sender, _receivers[i], _value);    }    return true;}`

So the bug comes is at line 257: `uint256 amount = unint256(cnt) * _value` . Let’s asume we are the hacker and we call this function with params:

`_receivers = [0xabc..., 0xdef...] // asume we put 2 addresses here`
`_value =   57896044618658097711785492504343953926634992332820282019728792003956564819968; // which is 8 * 16 ^ 63`

Because of the Integer Overflow, we have `amount = _value * 2 = 0` which passes the check `balances[msg.sender] >= amount` . Finally we could make the token smart contract send a large amount of token into our two addresses even we don’t have any token! We are the hackers now :)

### So how to fix this?

Actually we can have simply logic to check for the overflow. We can use the SafeMath library which provide the safe operator functions: https://github.com/Steamtradenet/smart-contract/blob/master/contracts/SafeMath.sol

Just add this library into your smart contract and use it like this:

`using SafeMath for uint256; // use SafeMath for uint256 variables`

Then you need to remember to use the safe operator functions anytime you are not sure about the safety on your math logic. Like this:

`uint256 a = 1;a = a.add(1);`

So if you want to use the `batchTransfer` function above, just need to remember to fix the line 257 like this:

`uint256 amount = uint256(cnt).mul(_value);`

### Conclusion

Deploying your smart contract on blockchain is like releasing hardware, one mistake and there is no way to fix it! So becareful when you decide to deploy something, get your friends, experts and audiences to review it carefully.

At TALO we always aware about this and try to take care as much as we can for the smart contracts and other things before deploying to the network. If you want to know more about us, come and join us at https://talo.io