Arithmetic Underflow
Description
The code is vulnerable to an arithmetic underflow, which occurs when the result of a subtraction operation is less than the minimum value that can be represented by the data type, causing it to wrap around to a large value.
Examples
Insecure Code
solidity
function test(uint256 x) public { uint256 result = x - 1; }Secure Code
solidity
function test(uint256 x) public { require(x > 0); uint256 result = x - 1; }Remediation
Add input validation to ensure that the subtraction operation does not result in an underflow. Consider using a library that provides safe arithmetic operations.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0250 |
| Category | Crypto |
| Severity | HIGH |
| CWE | CWE-191 |
| Confidence | LOW |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | integer underflow, arithmetic underflow |
| OWASP | N/A |
References
- https://medium.com/@Knownsec_Blockchain_Lab/knownsec-blockchain-lab-umbnetwork-attack-event-analysis-9bae1141e58
- https://etherscan.io/address/0xbbc3a290c7d2755b48681c87f25f9d7f480ad42f
- https://twitter.com/danielvf/status/1497194778278174724