Integer Overflow

What it detects

The detector analyzes addition and multiplication that can overflow when executed inside unchecked blocks or on Solidity versions prior to 0.8. Overflowed values wrap to zero or a small number, breaking contract logic.

Typical symptoms

  • Account balances or counters reset unexpectedly to small values (e.g., zero)
  • Arithmetic within unchecked blocks that assumes overflow won’t happen
  • Contracts using addition or multiplication in loops or without input constraints

Solidity snippet (v0.8.25)

pragma solidity ^0.8.25;

contract Overflow {
    function add(uint256 a, uint256 b) external pure returns (uint256) {
        unchecked {
            // Wraps on overflow
            return a + b;
        }
    }
}

In the above code, if a and b are large enough to overflow uint256, the result will silently wrap around to a much smaller value, potentially causing logical or financial errors.

Why it matters on EVM

Integer overflows in the EVM can allow:

  • Bypassing accounting checks
  • Draining or inflating balances
  • Skipping loop termination conditions
  • Creating denial-of-service or infinite loop scenarios

Even though Solidity 0.8+ includes built-in overflow protection, unsafe usage of unchecked can reintroduce this classic vulnerability.

Never use unchecked unless you're 100% sure overflow is impossible or irrelevant.
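
The following is an added example, not code from the original page or from the detector's project. It shows how an unchecked multiplication can defeat an accounting check, next to a hardened form that keeps unchecked only where a preceding require proves the operation safe. The contract name, function names and starting balance are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Added example: BatchLedger and its functions are hypothetical names.
contract BatchLedger {
    mapping(address => uint256) public balances;

    constructor() {
        balances[msg.sender] = 1_000; // constructed starting balance
    }

    // Unsafe: the product is computed inside unchecked, so a large `amount`
    // can wrap `total` to a small value and the balance check still passes.
    function batchSendUnsafe(address[] calldata to, uint256 amount) external {
        uint256 total;
        unchecked {
            total = amount * to.length; // wraps modulo 2**256
        }
        require(balances[msg.sender] >= total, "insufficient balance");
        balances[msg.sender] -= total;
        for (uint256 i = 0; i < to.length; i++) {
            balances[to[i]] += amount;
        }
    }

    // Hardened: the multiplication uses default checked arithmetic and
    // reverts with Panic(0x11) if it overflows. unchecked is kept only for
    // the subtraction, where the require above proves bal >= total.
    function batchSendSafe(address[] calldata to, uint256 amount) external {
        uint256 total = amount * to.length; // reverts on overflow
        uint256 bal = balances[msg.sender];
        require(bal >= total, "insufficient balance");
        unchecked {
            balances[msg.sender] = bal - total; // cannot underflow
        }
        for (uint256 i = 0; i < to.length; i++) {
            balances[to[i]] += amount; // checked addition
        }
    }
}
```

When reviewing a finding from this detector, look for the invariant that justifies each unchecked block, such as the require in batchSendSafe; if none exists in the same function, treat the arithmetic as able to wrap.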