Created
September 12, 2018 02:59
-
-
Save asselstine/c3632e4a04d154d1da3b384e71db1952 to your computer and use it in GitHub Desktop.
A Simple Example of Integer underflow
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.4.4; | |
| /* | |
| This contract is vulnerable to an attacker exploting | |
| integer underflow. When you subtract from unsigned integers | |
| at their lowest value (0), they cycle to their highest value. | |
| Similarly, adding 1 to a max value unsigned integer will | |
| cycle it to zero. | |
| */ | |
| contract IntUnderflow { | |
| uint32 public reputation; | |
| function IntUnderflow() public { | |
| reputation = 0; | |
| } | |
| function upvote() external { | |
| reputation += 1; | |
| } | |
| // if reputation is zero, this will cause reputation | |
| // to underflow to 2^32 -1 | |
| function downvote() external { | |
| reputation -= 1; | |
| } | |
| function getReputation() public constant returns (uint32) { | |
| return reputation; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment