What is integer overflow?
Integers in Solidity are default to 256 bits. When performing addition operations, if the result exceeds 256 bits, an overflow occurs. This can lead to unexpected results and can be exploited by hackers.
For example, User A deposits 10 tokens into a contract, and the contract calculates the token balance using an unchecked uint256 variable called "balance". Then, a hacker passes in a very large value, causing an overflow in the calculation, and the balance is reset to 0. The hacker can then withdraw an unlimited amount of tokens.
Methods to prevent integer overflow:
Use secure math libraries to avoid direct calls to operations that can overflow, such as SafeMath.
Implement overflow checks for critical variables, and verify if the new value is valid before making changes.
Avoid calling functions that can overflow in loops. Limit the number of times a user can call them.
Code examples:
// Bad
uint256 balance;
function add(uint256 value) external {
balance += value;
}
// Good
using SafeMath for uint256;
uint256 balance;
function add(uint256 value) external {
balance = balance.add(value);
require(balance >= value, "Overflow detected");
}