FP
FIREPAN
high

Integer Overflow & Underflow: How It Works, Real Exploits & Automated Detection

April 1, 2026
Chainsethereumarbitrumbaseoptimismpolygonbnb-chain
Detected byslithermythrilechidnahound-ai

Integer overflow and underflow are arithmetic errors where numbers exceed or fall below their type's limits, wrapping to unexpected values. In Solidity <0.8.0, unchecked arithmetic silently overflows—a uint256 of 2^256 becomes 0. This flaw has enabled countless exploits, particularly in token transfer logic and balance calculations. Firepan's HOUND AI detects integer overflow and underflow automatically during development and post-deployment monitoring, covering continuous analysis across the full contract lifecycle.

What Is Integer Overflow & Underflow?

Integer overflow occurs when an arithmetic operation produces a result larger than the maximum value a type can hold. In Solidity, unsigned integers have fixed bit widths (uint8 max 255, uint256 max 2^256-1). When overflow happens, the value wraps around modulo 2^n.

Integer underflow is the inverse: subtracting from zero causes the value to wrap to the maximum representable value (e.g., 0 - 1 = 2^256 - 1 for uint256).

Key distinction:

  • Solidity <0.8.0: Arithmetic wraps silently; developers must manually check using SafeMath
  • Solidity ≥0.8.0: Overflow/underflow reverts by default (checked arithmetic)

However, legacy contracts and unchecked blocks still expose this vulnerability. Attackers exploit it to mint unlimited tokens, drain balances, or bypass amount validations.

How Integer Overflow & Underflow Works

The attack typically involves three steps:

  1. Identify vulnerable arithmetic: Find operations on user-controlled or state variables without bounds checking
  2. Craft input: Supply values that trigger wrap-around behavior
  3. Exploit state: Use the wrapped result to bypass authorization, mint tokens, or transfer excessive amounts
// VULNERABLE — example only
// Demonstrates: Integer Overflow & Underflow
// Do NOT use in production

pragma solidity ^0.7.0;  // Pre-0.8.0 wraps silently

contract VulnerableToken {
    mapping(address => uint256) public balances;
    uint256 public totalSupply;

    // VULNERABLE: No overflow check on addition
    function mint(address to, uint256 amount) public {
        balances[to] += amount;  // Can wrap if too large
        totalSupply += amount;   // Wraps independently
    }

    // VULNERABLE: Underflow on subtraction
    function burn(address from, uint256 amount) public {
        require(balances[from] >= amount, "Insufficient balance");
        balances[from] -= amount;
        totalSupply -= amount;  // Can underflow separately
    }

    // VULNERABLE: No validation on multiplication
    function transferFromMultiple(address from, address[] calldata tos, uint256 amount) public {
        uint256 totalAmount = tos.length * amount;  // Overflow possible
        require(balances[from] >= totalAmount);
        balances[from] -= totalAmount;
        for (uint i = 0; i < tos.length; i++) {
            balances[tos[i]] += amount;
        }
    }
}

contract Exploit {
    VulnerableToken public token;

    constructor(address _token) {
        token = VulnerableToken(_token);
    }

    function exploitOverflow() public {
        // Overflow: 2^256 - 1 + 2 = 1
        token.mint(address(this), type(uint256).max);
        token.mint(address(this), 2);  // Wraps to 1
        // Now balance is 1 instead of 2^256 + 1
    }

    function exploitUnderflow() public {
        token.burn(address(this), 1);  // Underflows: 0 - 1 = 2^256 - 1
        // Now balance is 2^256 - 1 (maximum uint256)
    }
}

Real-World Integer Overflow & Underflow Exploits

| Protocol | Date | Loss | Root Cause | |----------|------|------|-----------| | BECToken | 2018-04 | $1B frozen | Unchecked multiplication overflow in batchTransfer() | | SmartBillions | 2018-07 | $6.9M | Integer underflow in balance calculation | | OMGToken | 2018-04 | $30M locked | Integer overflow in approve() function | | Beauty Chain | 2018-04 | $0 (blocked) | Unchecked overflow in batchTransferFrom() | | DeFi Protocol (Generic) | 2021-2023 | $50M+ cumulative | Underflow in reward calculations, interest accrual |

How to Detect Integer Overflow & Underflow

Manual detection strategies:

  • Arithmetic operations on user input: Flag any +=, -=, *=, /= without bounds checks
  • Solidity version audit: Identify pre-0.8.0 contracts; assume all arithmetic is unchecked
  • SafeMath usage: Verify SafeMath wrapper is used on all sensitive arithmetic
  • Unchecked blocks: In Solidity 0.8.0+, review all unchecked blocks for math operations
  • Implicit conversions: Watch for narrowing conversions (uint256 to uint128) which can silently overflow
  • Loop counters: Verify loop increments don't overflow, especially in withdrawal loops

Red flags:

  • Addition without max value check
  • Subtraction without min value check
  • Multiplication where result could exceed type limits
  • Division by user-controlled divisor without zero-check
  • Reward/interest calculation without overflow guards

How Firepan Detects Integer Overflow & Underflow Automatically

Firepan's HOUND AI performs multi-layered detection:

  1. Type range analysis: Maps every arithmetic operation to its numeric range
  2. Value propagation: Traces user-controlled inputs through calculations
  3. Solidity version detection: Auto-flags pre-0.8.0 arithmetic as inherently risky
  4. SafeMath verification: Confirms SafeMath wrappers are correctly applied
  5. Echidna fuzzing: Generates extreme input values (0, type.max, near-max) to trigger overflow
  6. Symbolic execution: Uses constraint solvers to determine if overflow is reachable

Firepan's HOUND AI engine catches exploitable overflow/underflow paths across all monitored contracts.

Prevention Best Practices

1. Use Solidity ≥0.8.0 (Checked Arithmetic)

Upgrade to Solidity 0.8.0+, which reverts on overflow/underflow by default:

pragma solidity ^0.8.0;

contract SafeToken {
    function mint(address to, uint256 amount) public {
        balances[to] += amount;  // Reverts if overflow
        totalSupply += amount;   // Reverts if overflow
    }
}

2. Use SafeMath for Pre-0.8.0 Code

For legacy contracts, apply OpenZeppelin's SafeMath:

import "@openzeppelin/contracts/math/SafeMath.sol";

contract LegacyToken {
    using SafeMath for uint256;

    function mint(address to, uint256 amount) public {
        balances[to] = balances[to].add(amount);  // Reverts on overflow
    }
}

3. Validate Input Ranges

Always check user inputs before arithmetic:

function transfer(address to, uint256 amount) public {
    require(amount > 0, "Amount must be positive");
    require(amount <= balances[msg.sender], "Insufficient balance");
    balances[msg.sender] -= amount;
    balances[to] += amount;
}

4. Use Unchecked Blocks Sparingly

In Solidity 0.8.0+, only disable checks for provably safe arithmetic:

unchecked {
    i++;  // Safe: loop counter rarely overflows in practice
}

5. Test Boundary Conditions

Use Echidna or Hardhat property-based testing to verify arithmetic handles max/min values:

// Property: balance + transferred ≤ type(uint256).max
// Property: balance never underflows to negative

Frequently Asked Questions

Q: What is integer overflow & underflow in smart contracts?

A: Overflow occurs when arithmetic exceeds the maximum value a type can hold, wrapping to zero. Underflow is subtracting from zero, wrapping to the maximum value. Pre-Solidity 0.8.0 contracts suffer silent overflow; modern Solidity reverts by default.

Q: Which protocols have been exploited via integer overflow & underflow?

A: BECToken (2018, $1B frozen), SmartBillions (2018, $6.9M), OMGToken (2018, $30M locked), and Beauty Chain (2018) were major victims. Generic DeFi protocols lose $50M+ annually to underflow in reward calculations and interest accrual.

Q: How does Firepan detect integer overflow & underflow?

A: Firepan maps numeric ranges for all arithmetic, traces user-controlled inputs, detects unsafe Solidity versions, verifies SafeMath usage, and fuzzes with extreme values (0, type.max). Symbolic execution determines reachability of overflow paths.

Q: Can integer overflow & underflow be exploited after deployment?

A: Yes, if the contract uses Solidity <0.8.0 or unchecked arithmetic. Attackers can craft transactions with edge-case amounts (0, max values, near-max) to trigger wrap-around behavior and drain balances or mint tokens.

Q: How do I prevent integer overflow & underflow?

A: Upgrade to Solidity 0.8.0+ for checked arithmetic. For legacy code, use SafeMath. Always validate input ranges. Use unchecked blocks only for provably safe operations. Test boundary conditions with property-based fuzzing to ensure robustness.

Conclusion

Integer overflow and underflow remain high-severity vulnerabilities, particularly in pre-0.8.0 Solidity and reward/fee calculation logic. Solidity 0.8.0 eliminates most risk through checked arithmetic, but legacy contracts and unchecked blocks still expose dangers. Firepan's HOUND AI detects unsafe arithmetic across all monitored contracts, ensuring math operations stay within type limits.

Start securing your smart contracts at https://app.firepan.com/

Firepan

Scan Your Contracts Now

12,453 contracts secured. 2,851 vulnerabilities blocked. 236 exploits prevented. Run a free surface scan — results in minutes, no credit card required.

Run Free Scan →
← Vulnerability Database← Security Blog← Compare Platforms