Attacker Balance Gain
## What it detects
This detector flags code paths where faulty arithmetic or missing validation lets a caller (typically an attacker) inflate their own balance of tokens, ether, or internal accounting units. The root cause is usually a logic bug that credits a balance without a matching debit elsewhere, without an authorization check, or without updating the total supply that is supposed to back it.
Examples include:
- Multiplying or scaling a caller-supplied amount before crediting it, without verifying who may call and what the expected result is
- Crediting the receiving account without first debiting the sending account (or debiting it after an external call)
- Ignoring edge cases such as integer overflow (pre-0.8 Solidity, or `unchecked { }` blocks in 0.8+) and repeated or re-entrant calls to a one-time credit
## Typical symptoms
- A user's balance grows out of proportion to what they paid in, or grows with no input at all
- Transfer- or mint-like operations produce a net increase in user funds with no matching deduction and no authorized supply change
- The tracked total supply diverges from the sum of balances, or exceeds the cap the protocol is meant to enforce
## Solidity snippet (v0.8.25)
```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Deliberately vulnerable: credits twice the requested amount with no
// authorization, no cap and no matching debit anywhere.
contract BalanceBug {
    mapping(address => uint256) public balances;

    function give(address user, uint256 amount) external {
        // Logic flaw: attacker-controlled input is doubled before the credit,
        // and anyone can call this for any account.
        // (In 0.8+ the multiplication reverts on overflow instead of wrapping,
        // but the over-credit itself is still unchecked.)
        balances[user] += amount * 2;
    }
}
```
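As an added example (not part of this detector page or its code), the hardened counterpart of `BalanceBug`, covering each of the flaw classes listed above: every credit is backed either by an equal debit or by an authorized, capped mint that updates `totalSupply`; the one-time `claim` sets its flag before crediting so repeated calls cannot collect twice. The `claim` function, the `CLAIM_AMOUNT` and `MAX_SUPPLY` constants and the `conserved` helper are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

/// Added example, not the page's own code. Invariant: after every call,
/// the sum of all balances equals totalSupply and totalSupply <= MAX_SUPPLY.
contract BalanceLedger {
    address public immutable owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balances;
    mapping(address => bool) public claimed;     // hypothetical one-time airdrop flag

    uint256 public constant CLAIM_AMOUNT = 100;  // hypothetical fixed airdrop size
    uint256 public constant MAX_SUPPLY = 1_000_000;

    error NotOwner();
    error ExceedsCap();
    error AlreadyClaimed();
    error InsufficientBalance();

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// The only path that creates new units: authorized, capped, and the
    /// credit is offset by growing totalSupply by exactly the same amount.
    function mint(address to, uint256 amount) external onlyOwner {
        if (totalSupply + amount > MAX_SUPPLY) revert ExceedsCap();
        totalSupply += amount;
        balances[to] += amount;
    }

    /// Debit the sender first; the credit is the same amount, never scaled.
    function transfer(address to, uint256 amount) external {
        uint256 fromBalance = balances[msg.sender];
        if (fromBalance < amount) revert InsufficientBalance();
        balances[msg.sender] = fromBalance - amount;
        balances[to] += amount;
    }

    /// One-shot claim: the flag is written before the credit, so a repeated
    /// or re-entrant call reverts instead of collecting a second time.
    function claim() external {
        if (claimed[msg.sender]) revert AlreadyClaimed();
        claimed[msg.sender] = true;
        if (totalSupply + CLAIM_AMOUNT > MAX_SUPPLY) revert ExceedsCap();
        totalSupply += CLAIM_AMOUNT;
        balances[msg.sender] += CLAIM_AMOUNT;
    }

    /// Conservation check for tests: given every address that ever received
    /// a credit, the summed balances must equal totalSupply. A mapping cannot
    /// be iterated on-chain, so the caller supplies the holder list.
    function conserved(address[] calldata holders) external view returns (bool) {
        uint256 sum;
        for (uint256 i = 0; i < holders.length; i++) {
            sum += balances[holders[i]];
        }
        return sum == totalSupply && totalSupply <= MAX_SUPPLY;
    }
}
```

Running `conserved` over the set of touched addresses after a sequence of `mint`, `transfer` and `claim` calls is the concrete form of the "total supply does not reflect actual distribution" symptom above: against `BalanceBug` the same check fails after a single `give` call, because nothing ever offsets the doubled credit.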
## Why it matters on EVM
The Ethereum Virtual Machine relies on strict value accounting to ensure fairness and security. If attackers can gain extra funds without providing equivalent value, they can disrupt ecosystems by inflating token supply, draining reward pools, or manipulating governance. Such vulnerabilities erode user trust and may lead to severe financial loss or protocol failure.