Over/Underflow vulnerabilities
Overflow and Underflow vulnerabilities are related to arithmetic operations on numeric data types. These vulnerabilities arise when the result of a calculation exceeds the maximum or falls below the minimum representable value for the data type being used. They can lead to unexpected behavior, such as incorrect calculations, manipulation of smart contracts, or even system crashes. Preventing overflows and underflows requires careful validation of input data, using safe arithmetic libraries, and implementing defensive programming practices to ensure the integrity and security of Web3 applications.
Details
In Solidity, uint data types are commonly used instead of int. As illustrated in the picture above, this means that a variable of type uint8 has a maximum value of 2⁸-1, or 255.
If you add 1 to 255, the result is not 256 but 0. This is known as an overflow.
Similarly, if 1 is subtracted from a uint8 holding 0, the result is 255, because uint types cannot hold negative numbers; this is an underflow. The same applies to every uint size, including uint256: for example, adding 3 to its maximum value gives (2²⁵⁶ - 1) + 3 = 2.
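The wrap-around described above, as an added Solidity example that is not code from the original page. The contract and function names are hypothetical, and it assumes Solidity 0.8 or later, where arithmetic outside an `unchecked` block reverts on overflow or underflow instead of wrapping. The two debit functions show the unvalidated, unchecked form beside the validated one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; WrapDemo and all function names are hypothetical.
contract WrapDemo {
    mapping(address => uint256) public balances;

    // Inside `unchecked`, uint8 addition wraps modulo 2**8.
    function wrapAdd8(uint8 a, uint8 b) external pure returns (uint8) {
        unchecked { return a + b; }
    }

    // Inside `unchecked`, uint8 subtraction wraps below zero to the top of the range.
    function wrapSub8(uint8 a, uint8 b) external pure returns (uint8) {
        unchecked { return a - b; }
    }

    // The same rule for uint256: results are reduced modulo 2**256.
    function wrapAdd256(uint256 a, uint256 b) external pure returns (uint256) {
        unchecked { return a + b; }
    }

    // Same operation without `unchecked`: the compiler-inserted check
    // reverts the call when the sum does not fit in a uint8.
    function checkedAdd8(uint8 a, uint8 b) external pure returns (uint8) {
        return a + b;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // VULNERABLE: `amount` is never compared with the caller's balance and
    // the subtraction is unchecked, so any amount larger than the balance
    // wraps the stored balance to a very large number.
    function debitUnchecked(uint256 amount) external {
        unchecked { balances[msg.sender] -= amount; }
    }

    // HARDENED: validate the parameter first and keep checked arithmetic,
    // so an oversized amount reverts and the balance is left unchanged.
    function debitChecked(uint256 amount) external {
        require(amount <= balances[msg.sender], "insufficient balance");
        balances[msg.sender] -= amount;
    }
}
```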
Types of high issues
Missing validation for a parameter passed to an external function
Funds stolen due to an overflow happening inside an unchecked