-
Notifications
You must be signed in to change notification settings - Fork 0
/
OverflowUnderflowExploit.sol
32 lines (27 loc) · 1.08 KB
/
OverflowUnderflowExploit.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
/// @dev In this example, a user can deposit funds into the
/// @dev contract and withdraw a specified amount. The problem
/// @dev with this implementation is that the balance variable
/// @dev is declared as an uint256, which has a maximum value
/// @dev of 2^256 - 1. If a user tries to withdraw more than
/// @dev the current balance, the balance will underflow to
/// @dev a large value and the user will receive more funds
/// @dev than they should.
/// @dev An attacker could exploit this vulnerability by calling
/// @dev the withdraw function with a large enough amount to
/// @dev cause an underflow. The attacker could then repeatedly
/// @dev call the withdraw function to drain all the
/// @dev funds from the contract.
contract OverflowUnderflowExploit {
uint256 public balance;
function deposit() public payable {
balance += msg.value;
}
function withdraw(uint256 amount) public {
if (balance >= amount) {
balance -= amount;
msg.sender.transfer(amount);
}
}
}
/// @dev use SafeMath
/// @dev use require()