Integer Underflow

What it detects

This detector identifies cases where integer subtraction may result in underflow, i.e., when a larger number is subtracted from a smaller one, producing a result that wraps around to an extremely large value.

In Solidity versions prior to 0.8.0, arithmetic operations like subtraction did not have built-in overflow or underflow checks. As a result, subtracting a larger number from a smaller one would not revert but instead yield a massive uint256 value (i.e., wrapping behavior due to modular arithmetic).

While Solidity 0.8+ prevents this by default, developers can still reintroduce underflow risks using the unchecked block, which disables these safety checks for gas optimization or intentional behavior.

This detector flags:

  • Subtraction operations within unchecked blocks that can underflow
  • Legacy-style arithmetic patterns without validation
  • Dangerous balance or counter decrements that lack proper bounds checks

Typical symptoms

  • Balances or counters unexpectedly increase after an operation meant to reduce them
  • Smart contracts using unchecked blocks for arithmetic without validating operands
  • Unusual token mints or allowances due to wrapped values
  • Difficulty in reproducing or debugging logic errors during testing

Solidity snippet (v0.8.25)

pragma solidity ^0.8.25;

contract Underflow {
    function dec(uint256 a, uint256 b) external pure returns (uint256) {
        unchecked {
            // If b > a, result wraps to a large uint256 value
            return a - b;
        }
    }
}

Corrected Version

function dec(uint256 a, uint256 b) external pure returns (uint256) {
    require(a >= b, "Underflow risk");
    return a - b;
}
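
The same pattern applied to a stored balance decrement, as an added example that is not from the original page or the detector's own code. The Ledger contract, its function names and the InsufficientBalance error are hypothetical, and credit() is left without access control only to keep the example short.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Added illustration; all names here are hypothetical.
contract Ledger {
    mapping(address => uint256) public balanceOf;

    error InsufficientBalance(uint256 available, uint256 requested);

    function credit(address account, uint256 amount) external {
        // Checked addition: reverts on overflow under Solidity 0.8+.
        balanceOf[account] += amount;
    }

    // Flagged pattern: decrement inside `unchecked` with no bounds check.
    // If amount > balanceOf[msg.sender], the stored balance wraps to
    // 2**256 - (amount - balance) instead of reverting.
    function debitUnsafe(uint256 amount) external {
        unchecked {
            balanceOf[msg.sender] -= amount;
        }
    }

    // Hardened form: validate the operands first, then keep `unchecked`
    // for the gas saving, since the subtraction can no longer wrap.
    function debitSafe(uint256 amount) external {
        uint256 bal = balanceOf[msg.sender];
        if (amount > bal) revert InsufficientBalance(bal, amount);
        unchecked {
            balanceOf[msg.sender] = bal - amount; // amount <= bal holds here
        }
    }
}
```

With a zero balance, debitUnsafe(1) leaves balanceOf at 2**256 - 1, while debitSafe(1) reverts with InsufficientBalance(0, 1).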

Why it matters on EVM

The EVM uses fixed-size unsigned integers (like uint256), which behave like modular arithmetic. Without proper bounds checking, subtracting a larger number from a smaller one does not throw an error; it wraps around to a high number (e.g., 0 - 1 becomes 2**256 - 1).

Underflow vulnerabilities can be exploited by attackers to:

  • Inflate token balances or allowances
  • Reset counters, enabling repeated actions
  • Bypass limits on withdrawals, votes, or access
  • Manipulate on-chain accounting to destabilize a protocol

Even though newer Solidity versions protect against this by default, developers using unchecked for performance or operating on older contracts must remain vigilant. Proper input validation and audit practices are critical to preventing underflow-based exploits.