Arithmetic vulnerabilities

Arithmetic vulnerabilities can include:

  • Integer overflows

  • Integer underflows

These arise on smart contract platforms that use typed variables and/or support forced conversions between types.

Many programming languages have several variable types designed to store integers, which may be long, short, double-long, signed or unsigned, etc.

Variables can be misinterpreted when forced conversions are enabled for several reasons, including:

  • Different variable types store different amounts of data

  • Some types hold both positive and negative values, while others store only positive values

  • The same stored value may be read differently as a signed or an unsigned type
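
The overflow, underflow and forced-conversion cases listed above, shown next to checked forms that reject the bad value. This is an added example in Rust, not code from the original page; the function names and amounts are constructed for illustration.

```rust
// Added example; function names and amounts are constructed for illustration.
use std::convert::TryFrom;
use std::num::TryFromIntError;

// Overflow: an 8-bit balance wraps past 255 back toward 0.
fn credit_wrapping(balance: u8, amount: u8) -> u8 {
    balance.wrapping_add(amount)
}

// Underflow: withdrawing more than the balance wraps to a huge value.
fn withdraw_wrapping(balance: u64, amount: u64) -> u64 {
    balance.wrapping_sub(amount)
}

// Forced narrowing: only the low 8 bits of the amount survive.
fn narrow_forced(amount: u64) -> u8 {
    amount as u8
}

// Forced signed-to-unsigned: the bit pattern of a negative value is
// reinterpreted as a large positive one.
fn unsigned_forced(delta: i64) -> u64 {
    delta as u64
}

// Hardened forms: each returns None/Err instead of a silently wrong value.
fn credit_checked(balance: u8, amount: u8) -> Option<u8> {
    balance.checked_add(amount)
}

fn withdraw_checked(balance: u64, amount: u64) -> Option<u64> {
    balance.checked_sub(amount)
}

fn narrow_checked(amount: u64) -> Result<u8, TryFromIntError> {
    u8::try_from(amount)
}

fn unsigned_checked(delta: i64) -> Result<u64, TryFromIntError> {
    u64::try_from(delta)
}

fn main() {
    println!("credit 250+10: {} vs {:?}", credit_wrapping(250, 10), credit_checked(250, 10));
    println!("withdraw 5-6: {} vs {:?}", withdraw_wrapping(5, 6), withdraw_checked(5, 6));
    println!("narrow 257: {} vs {:?}", narrow_forced(257), narrow_checked(257));
    println!("unsigned -1: {} vs {:?}", unsigned_forced(-1), unsigned_checked(-1));
}
```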
