Theory

Overflow and Underflow Attacks on Smart Contracts

Overflow:

An overflow occurs when a mathematical operation on integers attempts to produce a value exceeding the highest representable value for the chosen data type. This can be visualized as arithmetic wrapping around due to the finite range integers can hold within a specific data type.

Underflow:

The counterpart to overflow, underflow arises when an arithmetic operation on integers results in a value lower than the minimum representable value for the data type employed.

Uint8 and Uint16 are data types commonly used in Solidity, a programming language specifically designed for creating smart contracts on the Ethereum blockchain.

Uint8:

Uint16:

Re-entrancy

The re-entrancy attack is one of the most destructive attacks in Solidity smart contracts. A re-entrancy attack occurs when a function makes an external call to another untrusted contract, and then the untrusted contract makes a recursive call back to the original function in an attempt to drain funds.

A re-entrancy attack involves two smart contracts: a vulnerable contract and an untrusted attacker’s contract.

Accessing Private Data

When writing code for a blockchain-based application, you can define a variable as public or private. The purpose of defining a variable as private is to prevent other contracts from modifying it. However, blockchains are designed to be transparent, meaning that regardless of whether a variable is private or public, everyone can read it. Therefore, storing sensitive information like passwords is a very bad idea.