{"id":7397,"date":"2024-03-20T10:36:40","date_gmt":"2024-03-20T10:36:40","guid":{"rendered":"https:\/\/metaschool.so\/articles\/?p=7397"},"modified":"2024-03-20T10:44:57","modified_gmt":"2024-03-20T10:44:57","slug":"integer-overflow-and-underflow-in-solidity","status":"publish","type":"post","link":"https:\/\/metaschool.so\/articles\/integer-overflow-and-underflow-in-solidity\/","title":{"rendered":"Integer overflow and underflow in solidity"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_56_1 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/metaschool.so\/articles\/integer-overflow-and-underflow-in-solidity\/#What_is_Integer_Overflow_and_Underflow\" title=\"What is Integer Overflow and Underflow?\">What is Integer Overflow and Underflow?<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/metaschool.so\/articles\/integer-overflow-and-underflow-in-solidity\/#Integer_Overflow\" title=\"Integer Overflow\">Integer Overflow<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/metaschool.so\/articles\/integer-overflow-and-underflow-in-solidity\/#Integer_Underflow\" title=\"Integer Underflow\">Integer Underflow<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/metaschool.so\/articles\/integer-overflow-and-underflow-in-solidity\/#Examples_of_Integer_Overflow_and_Underflow_in_Solidity\" title=\"Examples of Integer Overflow and Underflow in Solidity\">Examples of Integer Overflow and 
Underflow in Solidity<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/metaschool.so\/articles\/integer-overflow-and-underflow-in-solidity\/#Integer_Overflow_Example\" title=\"Integer Overflow Example\">Integer Overflow Example<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/metaschool.so\/articles\/integer-overflow-and-underflow-in-solidity\/#Integer_Underflow_Example\" title=\"Integer Underflow Example\">Integer Underflow Example<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/metaschool.so\/articles\/integer-overflow-and-underflow-in-solidity\/#Mitigating_Integer_Overflow_and_Underflow_in_Solidity\" title=\"Mitigating Integer Overflow and Underflow in Solidity\">Mitigating Integer Overflow and Underflow in Solidity<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/metaschool.so\/articles\/integer-overflow-and-underflow-in-solidity\/#Defensive_Programming_Techniques\" title=\"Defensive Programming Techniques\">Defensive Programming Techniques<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/metaschool.so\/articles\/integer-overflow-and-underflow-in-solidity\/#Using_Safe_Math_Libraries\" title=\"Using Safe Math Libraries\">Using Safe Math Libraries<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/metaschool.so\/articles\/integer-overflow-and-underflow-in-solidity\/#Conclusion\" title=\"Conclusion\">Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n\n<p>Integer overflow and underflow are common issues in programming, including Solidity, the language used for developing smart contracts on the Ethereum blockchain. 
These issues arise when the result of an arithmetic operation exceeds the maximum or minimum value that can be represented by the data type. In Solidity, these issues can have serious consequences, leading to unexpected behavior or vulnerabilities in smart contracts.<\/p>\n\n\n\n<p>We will delve into the concepts of integer overflow and underflow, provide examples of how they can occur in Solidity, and discuss strategies to mitigate these risks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-is-integer-overflow-and-underflow\"><span class=\"ez-toc-section\" id=\"What_is_Integer_Overflow_and_Underflow\"><\/span><strong>What is Integer Overflow and Underflow?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"integer-overflow\"><span class=\"ez-toc-section\" id=\"Integer_Overflow\"><\/span><strong>Integer Overflow<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Integer overflow occurs when the result of an arithmetic operation exceeds the maximum value that can be represented by the data type. In Solidity, integers are represented using fixed-size data types like <strong><code>uint256<\/code><\/strong> (unsigned integer with 256 bits) or <strong><code>int256<\/code><\/strong> (signed integer with 256 bits). If the result of an addition, multiplication, or any other arithmetic operation exceeds the maximum value that can be stored in the data type, an overflow occurs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"integer-underflow\"><span class=\"ez-toc-section\" id=\"Integer_Underflow\"><\/span><strong>Integer Underflow<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Conversely, integer underflow occurs when the result of an arithmetic operation goes below the minimum value that can be represented by the data type. 
This typically happens with subtraction or division operations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"examples-of-integer-overflow-and-underflow-in-solidity\"><span class=\"ez-toc-section\" id=\"Examples_of_Integer_Overflow_and_Underflow_in_Solidity\"><\/span><strong>Examples of Integer Overflow and Underflow in Solidity<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Let&#8217;s illustrate integer overflow and underflow with some code examples in Solidity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"integer-overflow-example\"><span class=\"ez-toc-section\" id=\"Integer_Overflow_Example\"><\/span><strong>Integer Overflow Example<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<pre class=\"wp-block-code has-nv-site-bg-background-color has-background\"><code>pragma solidity ^0.8.0;\n\ncontract OverflowExample {\n    uint256 public value;\n\n    function increment(uint256 _addend) public {\n        \/\/ Solidity 0.8+ reverts on overflow by default; unchecked restores the\n        \/\/ pre-0.8 wrapping arithmetic that this example illustrates.\n        unchecked {\n            value += _addend;\n        }\n    }\n}\n\n<\/code><\/pre>\n\n\n\n<p>In this example, the <strong><code>increment<\/code><\/strong> function adds <strong><code>_addend<\/code><\/strong> to the <strong><code>value<\/code><\/strong> variable. 
However, if <strong><code>value<\/code><\/strong> is already close to the maximum value of <strong><code>uint256<\/code><\/strong>, adding <strong><code>_addend<\/code><\/strong> might cause an overflow.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"integer-underflow-example\"><span class=\"ez-toc-section\" id=\"Integer_Underflow_Example\"><\/span><strong>Integer Underflow Example<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<pre class=\"wp-block-code has-nv-site-bg-background-color has-background\"><code>pragma solidity ^0.8.0;\n\ncontract UnderflowExample {\n    uint256 public value;\n\n    function decrement(uint256 _subtrahend) public {\n        \/\/ Solidity 0.8+ reverts on underflow by default; unchecked restores the\n        \/\/ pre-0.8 wrapping arithmetic that this example illustrates.\n        unchecked {\n            value -= _subtrahend;\n        }\n    }\n}\n\n<\/code><\/pre>\n\n\n\n<p>Similarly, in this example, the <strong><code>decrement<\/code><\/strong> function subtracts <strong><code>_subtrahend<\/code><\/strong> from the <strong><code>value<\/code><\/strong> variable. If <strong><code>value<\/code><\/strong> is close to zero, subtracting <strong><code>_subtrahend<\/code><\/strong> might cause an underflow.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"mitigating-integer-overflow-and-underflow-in-solidity\"><span class=\"ez-toc-section\" id=\"Mitigating_Integer_Overflow_and_Underflow_in_Solidity\"><\/span><strong>Mitigating Integer Overflow and Underflow in Solidity<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>To mitigate the risks of integer overflow and underflow in Solidity, developers should employ defensive programming techniques and utilize safe arithmetic libraries.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"defensive-programming-techniques\"><span class=\"ez-toc-section\" 
id=\"Defensive_Programming_Techniques\"><\/span><strong>Defensive Programming Techniques<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Bounds Checking<\/strong>: Always ensure that arithmetic operations do not result in values exceeding the maximum or minimum limits of the data type.<\/li><li><strong>Safe Math Operations<\/strong>: Use safe math libraries that provide functions for arithmetic operations with built-in checks to prevent overflow and underflow.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"using-safe-math-libraries\"><span class=\"ez-toc-section\" id=\"Using_Safe_Math_Libraries\"><\/span><strong>Using Safe Math Libraries<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Safe math libraries such as OpenZeppelin&#8217;s SafeMath are widely used in Solidity development to mitigate the risks of integer overflow and underflow. Here&#8217;s how you can use SafeMath to rewrite the previous examples:<\/p>\n\n\n\n<pre class=\"wp-block-code has-nv-site-bg-background-color has-background\"><code>pragma solidity ^0.8.0;\n\/\/ SafeMath ships with OpenZeppelin Contracts 4.x and was removed in 5.0;\n\/\/ on Solidity 0.8+ the built-in checked arithmetic already reverts on overflow.\nimport \"@openzeppelin\/contracts\/utils\/math\/SafeMath.sol\";\n\ncontract SafeMathExample {\n    using SafeMath for uint256;\n\n    uint256 public value;\n\n    function increment(uint256 _addend) public {\n        \/\/ Reverts if the sum exceeds type(uint256).max.\n        value = value.add(_addend);\n    }\n\n    function decrement(uint256 _subtrahend) public {\n        \/\/ Reverts if _subtrahend is greater than value.\n        value = value.sub(_subtrahend);\n    }\n}\n\n<\/code><\/pre>\n\n\n\n<p>By using SafeMath&#8217;s <strong><code>add<\/code><\/strong> and <strong><code>sub<\/code><\/strong> functions, we ensure that arithmetic operations are performed safely, with checks to prevent overflow and underflow.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"conclusion\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><strong>Conclusion<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Integer overflow and underflow are 
critical vulnerabilities in Solidity smart contracts that can lead to unexpected behavior or security exploits. Developers must be aware of these risks and implement defensive programming techniques such as bounds checking and using safe arithmetic libraries like SafeMath.<\/p>\n\n\n\n<p>By following best practices and exercising caution when handling arithmetic operations, developers can minimize the likelihood of integer overflow and underflow vulnerabilities in their Solidity smart contracts, thereby enhancing the security and reliability of decentralized applications built on the Ethereum blockchain.<\/p>\n","protected":false},
"excerpt":{"rendered":"","protected":false},"author":17,"featured_media":7400,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[292],"tags":[47,46],"class_list":["post-7397","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-answers","tag-smart-contracts","tag-solidity"],"_links":{"self":[{"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/posts\/7397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/comments?post=7397"}],"version-history":[{"count":4,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/posts\/7397\/revisions"}],"predecessor-version":[{"id":7406,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/posts\/7397\/revisions\/7406"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/media\/7400"}],"wp:attachment":[{"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/media?parent=7397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/categories?post=7397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/tags?post=739
7"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}