Integer Overflow
Integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or falls below the minimum) value a fixed-size integer type can represent, wrapping around to an incorrect result.
In Depth
Integer overflow and underflow were historically among the most dangerous smart contract vulnerabilities. In Solidity versions prior to 0.8.0, arithmetic operations silently wrapped on overflow — for example, a uint8 value of 255 plus 1 would wrap to 0 — enabling attackers to manipulate balances and bypass checks. Solidity 0.8.0 introduced built-in overflow checks that cause transactions to revert on overflow by default. However, developers can still use unchecked blocks to bypass these checks for gas optimization, reintroducing the risk. Fuzzing is highly effective at catching arithmetic edge cases by testing functions with boundary values, large numbers, and zero inputs that manual testing often overlooks.
Frequently Asked Questions
What is integer overflow in Solidity?
Integer overflow in Solidity occurs when an arithmetic operation exceeds the maximum value of a fixed-size integer type. For example, adding 1 to the maximum uint256 value would wrap to 0 in pre-0.8.0 Solidity. Since Solidity 0.8.0, arithmetic reverts on overflow by default.
Are integer overflows still a concern in modern Solidity?
Yes, because developers can use unchecked blocks to disable overflow checks for gas savings. Code inside unchecked blocks behaves like pre-0.8.0 Solidity and can silently overflow. Any unchecked arithmetic must be carefully reviewed and tested.
How does fuzzing detect integer overflow bugs?
Fuzzers generate random inputs including boundary values (0, 1, type(uint256).max) and large numbers that are likely to trigger overflows. By checking invariants after each call, the fuzzer can detect when an overflow leads to incorrect balances, broken accounting, or other state violations.
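The checked-versus-unchecked behaviour and the boundary-value fuzzing described above, as an added example that is not part of the original page: a hypothetical `Vault` contract with one deposit path using default 0.8 arithmetic and one inside an `unchecked` block, plus a Foundry fuzz test (assumes forge-std's `Test`, `vm` and `assertEq`) showing that the checked path reverts at `type(uint256).max` while the unchecked path silently wraps and breaks a "deposits never lower the balance" invariant.

```solidity
pragma solidity ^0.8.0;

import "forge-std/Test.sol";

// Hypothetical vault with a checked and an unchecked deposit path.
contract Vault {
    mapping(address => uint256) public balances;

    // Default 0.8 arithmetic: reverts with Panic(0x11) on overflow.
    function depositChecked(uint256 amount) external {
        balances[msg.sender] += amount;
    }

    // unchecked block: pre-0.8.0 semantics, the sum silently wraps.
    function depositUnchecked(uint256 amount) external {
        unchecked { balances[msg.sender] += amount; }
    }
}

contract VaultTest is Test {
    Vault vault;

    function setUp() public { vault = new Vault(); }

    // Fuzzer supplies `amount`; boundary values such as type(uint256).max are included.
    function testFuzz_CheckedRevertsInsteadOfWrapping(uint256 amount) public {
        vault.depositChecked(1);
        if (amount > type(uint256).max - 1) {
            vm.expectRevert(); // overflow must revert, never wrap
            vault.depositChecked(amount);
        } else {
            vault.depositChecked(amount);
            assertEq(vault.balances(address(this)), 1 + amount);
        }
    }

    // Same inputs against the unchecked path: the balance wraps modulo 2**256.
    function testFuzz_UncheckedWraps(uint256 amount) public {
        vault.depositUnchecked(1);
        vault.depositUnchecked(amount);
        unchecked { assertEq(vault.balances(address(this)), 1 + amount); }
    }

    // Invariant a fuzzer would check: a deposit never lowers the balance.
    // The boundary input shows the unchecked path violating it.
    function test_UncheckedDepositLowersBalance() public {
        vault.depositUnchecked(1);
        vault.depositUnchecked(type(uint256).max); // 1 + max wraps to 0
        assertEq(vault.balances(address(this)), 0);
    }
}
```

Run with `forge test`; the last test is the concrete counterexample a fuzzer would report against `depositUnchecked`.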