🚀
Smart Contract Auditors Space
  • 👋Welcome to the Smart Contract Auditors Space
  • Smart Contract Vulnerabilities
    • FV-SOL-1 Reentrancy
      • FV-SOL-1-C1 Single Function
      • FV-SOL-1-C2 Cross Function
      • FV-SOL-1-C3 Cross Contract
      • FV-SOL-1-C4 Cross Chain
      • FV-SOL-1-C5 Dynamic
      • FV-SOL-1-C6 Read-Only
    • FV-SOL-2 Precision Errors
      • FV-SOL-2-C1 Token Decimals
      • FV-SOL-2-C2 Floating Point
      • FV-SOL-2-C3 Rounding
      • FV-SOL-2-C4 Division by Zero
      • FV-SOL-2-C5 Time-Based
    • FV-SOL-3 Arithmetic Errors
      • FV-SOL-3-C1 Overflow and Underflow
      • FV-SOL-3-C2 Sign Extension
      • FV-SOL-3-C3 Truncation in Type Casting
      • FV-SOL-3-C4 Misuse of Environment Variables
    • FV-SOL-4 Bad Access Control
      • FV-SOL-4-C1 Using tx.origin for Authorization
      • FV-SOL-4-C2 Unrestricted Role Assignment
      • FV-SOL-4-C3 Lack of Multi-Signature for Crucial Operations
    • FV-SOL-5 Logic Errors
      • FV-SOL-5-C1 Boundary Misalignment
      • FV-SOL-5-C2 Incorrect Conditionals
      • FV-SOL-5-C3 Improper State Transitions
      • FV-SOL-5-C4 Misordered Calculations
      • FV-SOL-5-C5 Event Misreporting
    • FV-SOL-6 Unchecked Returns
      • FV-SOL-6-C1 Unchecked Call Return
      • FV-SOL-6-C2 Unchecked Transfer Return
      • FV-SOL-6-C3 Silent Fail
      • FV-SOL-6-C4 False Positive Success Assumption
      • FV-SOL-6-C5 Partial Execution with No Rollback
      • FV-SOL-6-C6 False Contract Existence Assumption
    • FV-SOL-7 Proxy Insecurities
      • FV-SOL-7-C1 delegatecall Storage Collision
      • FV-SOL-7-C2 Function Selector Collision
      • FV-SOL-7-C3 Centralized Update Control
      • FV-SOL-7-C4 Uninitialized Proxy
    • FV-SOL-8 Slippage
    • FV-SOL-9 Unbounded Loops
    • FV-SOL-10 Oracle Manipulation
Powered by GitBook
On this page
  • TLDR
  • Code
  • Classifications
  • Mitigation Patterns
  • Update Solidity Version (FV-SOL-3-M1)
  • Using Established Math Libraries (FV-SOL-3-M2)
  • Unit Testing on Edge Cases (FV-SOL-3-M3)
  • Actual Occurrences
  • Content

Was this helpful?

FV-SOL-3 Arithmetic Errors

TLDR

Arithmetic-related security vulnerabilities primarily stem from issues with numeric operations, particularly when they handle unexpected values or edge cases

Code

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract OverflowExample {
    uint256 public count = 2**256 - 1;

    function increment() public {
        count += 1; // This will overflow and wrap to 0
    }
}

Classifications

FV-SOL-3-C1 Overflow and Underflow

FV-SOL-3-C2 Sign Extension

FV-SOL-3-C3 Truncation in Type Casting

FV-SOL-3-C4 Misuse of Environment Variables

Mitigation Patterns

Update Solidity Version (FV-SOL-3-M1)

Solidity 0.8+ offers built-In Overflow and Underflow protection

Using Established Math Libraries (FV-SOL-3-M2)

Complex calculations should be using hard work premade in trusted math libraries available

Unit Testing on Edge Cases (FV-SOL-3-M3)

Write tests for edge cases, such as small or very large values, fractions close to rounding boundaries, zero values, and more.

Actual Occurrences

  • https://solodit.cyfrin.io/issues/h-06-incorrect-solidity-version-in-fullmathsol-can-cause-permanent-freezing-of-assets-for-arithmetic-underflow-induced-revert-code4rena-good-entry-good-entry-git

Content

PreviousFV-SOL-2-C5 Time-BasedNextFV-SOL-3-C1 Overflow and Underflow

Last updated 14 days ago

Page cover image