Integer Underflow

What is Integer Underflow?

Integer underflow is a smart contract vulnerability that occurs when a subtraction operation attempts to produce a negative result in an unsigned integer type. Since unsigned integers cannot be negative, the result wraps around to an extremely large positive number, potentially allowing attackers to bypass balance checks and claim funds they do not own.

How it Works

Unsigned integers in Solidity can only hold non-negative values. When subtracting a larger number from a smaller one, older Solidity versions would wrap the result to near the maximum uint256 value. For instance, subtracting 1 from 0 in a uint256 would yield 2^256-1, an astronomically large number.

The attack pattern typically follows:

1. Attacker identifies a subtraction that can produce a negative result
2. By manipulating inputs, the attacker triggers an underflow
3. The result becomes an enormous positive number
4. This inflated value passes balance or allowance checks
5. Attacker withdraws or transfers funds they never deposited

Practical Example

The Proof of Weak Hands (PoWH) Coin exploit in 2018 showcased integer underflow devastation. The contract allowed users to sell tokens, but the balance subtraction had no underflow protection. Attackers with minimal token balances sold more than they owned, underflowing their balance to maximum values. They then withdrew the inflated balance, draining the entire contract of approximately 866 ETH.

Why it Matters

Modern Solidity versions include built-in underflow protection, but the vulnerability persists in legacy contracts and intentionally unchecked code blocks. Auditors must verify that all arithmetic operations handling user balances, allowances, and critical state variables have proper protections. Understanding underflow is essential for evaluating the security of any DeFi protocol, especially those deployed before 2021.