Arithmetic Overflow and Underflow | Hack Solidity (0.6)
Summary
TLDRThis video tutorial delves into the concept of overflow and underflow in smart contracts, particularly using the example of a time-locked contract vulnerable to such issues. It demonstrates how overflow can allow unauthorized early withdrawal by manipulating contract time, and introduces the Safe Math library by OpenZeppelin to prevent such exploits, showcasing its implementation to safeguard against numeric vulnerabilities.
Takeaways
- 📚 Overflow and underflow are vulnerabilities in smart contracts that occur when numbers exceed their maximum or minimum range, causing unexpected results.
- 🔢 In Solidity, the 'uint256' data type can represent numbers from 0 to 2^256 - 1, and exceeding this range leads to overflow.
- ⏱ Overflow can be exploited to manipulate the 'lock time' in a smart contract, allowing immediate withdrawal instead of waiting for the set period.
- 💡 The script demonstrates a smart contract called 'TimeLock' that is vulnerable to overflow, allowing attackers to bypass the intended waiting period.
- 🛠 To exploit the vulnerability, an 'attack' contract is created, which sends a specific (overflow-inducing) value to the 'TimeLock' contract to reset the lock time to zero.
- 🔄 The overflow is achieved by calculating a value that, when added to the current lock time, equals 2^256, causing the lock time to wrap around to zero.
- 🛡 To prevent overflow and underflow vulnerabilities, the script recommends using the 'SafeMath' library, which checks for arithmetic operations that could lead to overflow.
- 📝 The 'SafeMath' library adds functions like 'add', 'sub', 'mul', and 'div' to the 'uint256' type, ensuring that arithmetic operations are safe from overflow.
- 🔬 The script includes a practical demonstration of how using 'SafeMath' can prevent the overflow exploit, making the 'TimeLock' contract secure against such attacks.
- 🔗 The video provides a link to the code in the description for further exploration and learning about overflow, underflow, and smart contract security.
Q & A
What is an overflow in the context of the video?
-An overflow occurs when a number exceeds the maximum range it can represent, causing the excess to wrap around and start counting from zero, resulting in a smaller number than intended.
What is underflow, and how does it differ from overflow?
-Underflow is similar to overflow but happens in the opposite direction. It occurs when a number is smaller than the minimum range, causing it to count backward from the maximum number, resulting in a larger number than intended.
What is the significance of the number 2^256 in the context of unsigned integers?
-The number 2^256 represents the maximum value that an unsigned integer with 256 bits can hold. It signifies the upper limit before an overflow occurs.
How does the video demonstrate an overflow example using unsigned integers?
-The video demonstrates an overflow by showing what happens when a number exceeds the maximum value of 2^256 - 1. It explains that adding 3 to this maximum value would wrap around to 2, illustrating the overflow effect.
What is the 'TimeLock' contract mentioned in the video, and what is its purpose?
-The 'TimeLock' contract is a smart contract that allows users to deposit Ether with the condition that they must wait at least one week before they can withdraw it. It uses mappings to keep track of balances and lock times.
How can a vulnerability in the 'TimeLock' contract be exploited to bypass the one-week waiting period?
-The vulnerability can be exploited by causing an unsigned integer overflow in the lock time mapping. By depositing Ether and then increasing the lock time with a huge number that causes an overflow, the lock time can be reset to zero, allowing immediate withdrawal.
What is the 'SafeMath' library, and how does it help prevent overflow and underflow?
-The 'SafeMath' library is a collection of mathematical functions that automatically check for overflow and underflow conditions. By using this library, operations that would result in an overflow or underflow will revert, preventing the exploit.
How can the 'TimeLock' contract be modified to incorporate the 'SafeMath' library and prevent overflows?
-The 'TimeLock' contract can be modified by importing the 'SafeMath' library and using its functions for arithmetic operations, such as 'add', instead of the default unsigned integer operations. This ensures that any operation that would cause an overflow will be prevented.
What is the purpose of the 'attack' contract demonstrated in the video?
-The 'attack' contract is a demonstration of how an attacker could exploit the overflow vulnerability in the 'TimeLock' contract to withdraw Ether without waiting for the required one-week period.
How does the video show the successful prevention of the overflow attack after implementing 'SafeMath'?
-The video shows that after recompiling and deploying the 'TimeLock' contract with 'SafeMath', attempting the overflow attack with the 'attack' contract results in a transaction failure due to the 'SafeMath' library's overflow check.
What is the final recommendation of the video for preventing overflow and underflow in smart contracts?
-The final recommendation is to use the 'SafeMath' library or similar mathematical libraries that include overflow and underflow checks to secure smart contracts against such vulnerabilities.
Outlines
📈 Understanding Overflow and Underflow in Smart Contracts
This paragraph introduces the concepts of overflow and underflow in the context of smart contracts, particularly with unsigned integers. Overflow occurs when a number exceeds the maximum value it can represent, causing it to wrap around to a smaller number. Underflow is the opposite, where a number less than the minimum range wraps around to a larger number. The speaker uses the example of a 256-bit unsigned integer to illustrate these concepts, explaining the range it can represent and how numbers outside this range behave. The importance of being cautious with number handling in Solidity is emphasized due to the lack of warnings or errors for these conditions.
💡 Smart Contract Vulnerability: TimeLock Exploitation
The second paragraph delves into a specific smart contract vulnerability related to overflow and underflow, using a TimeLock contract as an example. This contract allows users to deposit Ether with a one-week lock period before withdrawal. The speaker describes how an attacker can exploit the overflow vulnerability by manipulating the lock time to a very large number, causing an unsigned integer overflow that resets the lock time to zero, thereby allowing immediate withdrawal. The paragraph outlines the steps of the attack, including depositing Ether, increasing the lock time with a crafted large number to trigger overflow, and then withdrawing the funds without waiting.
🛡️ Preventing Overflow and Underflow with Safe Math Library
The final paragraph discusses how to prevent the overflow and underflow vulnerabilities in smart contracts. The speaker introduces the Safe Math library by OpenZeppelin, which automatically checks for overflow and underflow conditions and reverts transactions if such conditions are detected. The paragraph explains the integration of the Safe Math library into the TimeLock contract to protect against the previously described attack. By using the 'add' function from the Safe Math library, the contract ensures that the lock time cannot be manipulated to cause an overflow, thus securing the contract against such exploits.
Mindmap
Keywords
💡Overflow
💡Underflow
💡Smart Contract
💡Unsigned Integer (uint)
💡TimeLock Contract
💡Exploit
💡Safe Math Library
💡Arithmetic Operations
💡Solidity
💡Attack Contract
💡Transaction
Highlights
Introduction to overflow and underflow in the context of smart contracts.
Explanation of overflow as a situation where a number exceeds the maximum range and wraps around to a smaller number.
Description of underflow, which is the opposite of overflow, causing numbers to count backwards from the maximum.
Use of the unsigned integer (uint) data type in smart contracts to represent a range of numbers.
Example of how an overflow occurs with a uint256 data type and the resulting wrap-around effect.
Solidity's lack of warnings or errors for overflow and underflow, emphasizing the need for caution.
Introduction of a smart contract called TimeLock that is vulnerable to overflow and underflow attacks.
Explanation of the TimeLock contract's functionality, including depositing and withdrawing with a one-week lock period.
Demonstration of how to exploit the TimeLock contract by causing an overflow in the lock time.
Mathematical approach to finding the exact number that causes an overflow in the contract's lock time.
Creation of an 'attack' contract to exploit the TimeLock contract by manipulating the lock time.
Deployment of the attack contract and the process of exploiting the TimeLock contract to withdraw funds immediately.
Verification of the successful overflow exploit by checking the lock time of the TimeLock contract.
Prevention of overflow and underflow attacks by using the SafeMath library from OpenZeppelin.
Integration of SafeMath into the TimeLock contract to prevent overflow and underflow vulnerabilities.
Testing the updated TimeLock contract with the SafeMath library to ensure the overflow exploit no longer works.
Conclusion summarizing the importance of using SafeMath to secure smart contracts against numerical vulnerabilities.
Transcripts
hey everyone in this video we will learn
about overflow and on the floor
first of all I'll explain what it is and
then we'll examine a smart contract that
is vulnerable to overflow and on the
flow and that's the I'll show how you
can protect your smart contract code
from overflow and on the flow alright so
what are overflow and on the flow
overflow occurs when a number is too big
the part that exceeds the maximum range
is count from zero again so you end up
with a number that is smaller than what
you started with on the flow is similar
to overflow and it happens in the
opposite direction when a number is
smaller than the minimum range it starts
counting back from the maximum number
and you end up with a number that is
greater than what you started with let's
look at an example using youant which
stands for unsigned integer now the
datatype youant is a short name for you
and 256 and what does this 256 tell us
well it means that it can represent to
the 256 numbers ranging from 0 to 2 to
the 256 minus 1 so let's look at
overflow what happens when a number is
greater than 2 to the 256 minus 1 so
over here on the right we have X which
is beyond the maximum range how the
solidity handle a number that is beyond
the range well it wraps around and then
starts counting forward from 0 for
example let's say that the number X is 3
greater than the maximum range and now
let's calculate where this number is
going to end up well 1 beyond the
maximum number will get us back to 0 2
beyond the maximum number will land at 1
and finally 3 beyond the maximum number
will land at 2 so if the number is 3
plus the maximum number then it wraps
around and we end up at 2 so this is
overflow and when a number overflows so
Lily does not give you any warnings or
errors it just doesn't care on the floor
things in the opposite direction of
overflow so here we have a number that
is less than zero which is the minimum
range in this case what will happen is
that the number will be counted
backwards from the maximum number let's
see an example using the number negative
two
where would negative two end up on the
range between 0 and 2 to the 256 minus 1
well minus 1 will give us the maximum
number which is 2 to the 256 minus 1 and
negative 2 will be 1 less than that
which is 2 to 256 minus 2 this is on the
flow and again solidity will not give
you any warnings or errors so when
you're dealing with numbers and solidity
you gotta be careful of overflow and
underflow let's now examine a contract
that is born wall to this behavior time
mark is a contract where you can deposit
eater and you have to wait at least one
week before you can withdraw the amount
of meter that you deposit into this
contract is kept in a mapping called
balances the time at which you can
withdraw is kept in a mapping called
lock time we need to posit either into
this contract it does two things it
first updates your balance and then it
updates long time to one week from now
so this means that you won't be able to
withdraw from this contract for at least
one week and you can see how this
mapping is used in the withdrawal
function so let's take a look so you
deposited some meter into this contract
waited one week and now you want to
withdraw from it the function withdrawal
will first check that you have some
meters deposited into this contract and
this is done by checking that the
balances mapping of your address is
greater than 0
next it checks that the current time is
greater than the law of time so if you
try to call this function before one
week has passed since you deposited this
check will fail and you won't be able to
withdraw after the two checks about pass
we update the
and then send the ether back to you
that's how the withdrawal function works
now if you want to increased a lot of
time say one month then you can do that
by calling this function increase long
time for the input you passing the
settings to increased a lot time by and
then it will add the settings to
increase to the current log time so this
is how the contract time table works it
allows you to deposit but you have to
wait a minimum of one week before you
can withdraw and you can also increase
the time log by calling increased log
time this contract is vulnerable to you
and overflow I'm going to show you how
you can withdraw from this contract
without waiting one week and the basic
idea behind this hack is to update Bob
time with a very huge number the
contract that's going to hack the time
they'll contract above will name it
attack will store the contract that's
going to be exploited in a state
variable called time bok and using a
constructor we'll set our target here
we're going to need a payable fallback
function so that we can receive the
liter withdrawn from the time log
contract to initiate the attack will
create a function called attack we're
going to be sending some meter to the
time log contract so we will declare
this function as payable and when we
call this function will sense a meter to
this function and then send the heater
that is sent to this function to the
time-lock contract you'll first deposit
ether into the time of contract by
calling time not deposit and this will
set the time that to one week from now
so that if you try to withdraw
immediately then they will fail so
before we can call the withdrawal
function will increase the lap time by
some huge number which will cause a
youant to overflow and then we can call
withdrawal so what's the huge number
that we need to pass in here to cause a
UN overflow
well let's do some math we'll say that T
is a current of time
we need to do is find X such that X plus
T is equal to 2 to the 256 and 2 to the
256 is equal to 0 since the overflow
causes the number to wrap back to 0 we
do some simple algebra - in T from both
sides of the equation and we get X is
equal to minus T so this means that if
we pass minus T to this function here
then this will cause an overflow and the
current valvetime will equal to 0 we can
get the current bulk time by calling
time log log time and then pass in the
address of this contract and you'll put
a negative sign up in front and then
cast it into a you end by wrapping it in
you and now this doesn't look like a big
number but it is over here we're using
on the flow to create a real big number
and what this number represents is 2 to
the 256
minus T word he is the current long time
and this completes the function that's
going to be able to deposit and then
immediately withdraw by exploiting
youant overflow let's see this in action
here I have the time of contract and
attack contract deploy the attack
contract was deployed using the address
of the time log which was passed him by
copying the address of the time of
contract and then pasting it in here and
then hitting deploy let's say that
account 1 is Eve and she's going to
deposit one meter into the time log
contract so you'll call the function
deposit with one meter and now if you
try to withdraw you can see here that
the transaction fails with long time not
expired so you'll have to wait at least
one week before you can withdraw from
this contract but using the attack
contract that we wrote here
we will be able to deposit and then
immediately withdraw so you'll send one
meter again and then call attack and you
can see here that the transaction was
successful so we were able to withdraw
without waiting one week and this is
because we caused the overflow on the
lab time and we can check that the log
time did indeed overflow by copying the
address and then checking the long time
of that contract
so over here we are passing the address
of the attack contract and then hit long
time and you can see here that this is
equal to zero so that's you and overflow
let's now see how we can prevent this
exploit the way you prevent agent
overflow is by using math libraries like
safe math by opens up in the library
works by Turing on air when there is an
overflow or on the floor we will import
the safe math library from github and
inside the time lock contract you'll say
using safe math for you and and this
will add extra functions to the you
entered data type so that you'll be able
to do is something like my youant dot
add one two three inside the function
increased long time we'll update this
line by saying the new dot time is equal
to the current valve time plus the
settings to increase and this add
function over here will take care of you
and overflow if the addition of these
number results you know you and overflow
then this function will turn on air and
call to this function will fail so
that's how you use safe math to prevent
you and overflow and on the phone let's
check that this works by using the
attack contract again so i recompile the
time lock contract and attack contract
and then we deploy them here so you call
the attack function so will send one
eater and
all that and you can see here that the
transaction fail with safe math edition
overflow so in summary using safe math
we were able to prevent attacks from you
and overflow and on the flow that's all
I got to say for this video I'll put the
link to this code here in the
descriptions below if you have any
questions or comments you can comment
below or you can send me a message on
this cord have a nice weekend and see
you later
浏览更多相关视频
Metasploit For Beginners - How To Scan And Pwn A Computer | Learn From A Pro Hacker
What is DeFi? A Beginner’s Guide to Decentralized Finance
Get Into The Attacker's Mindset
Pandas Creating Columns - Data Analysis with Python Course
Delegatecall | Solidity 0.8
OBLICON_GENERAL PROVISION ON CONTRACTS PART 3
5.0 / 5 (0 votes)