# Title

Integer Overflow and Underflow

## Relationships

CWE-682: Incorrect Calculation

## Description

An overflow/underflow happens when an arithmetic operation produces a result beyond the maximum or minimum value its type can hold. For instance, a number stored in the uint8 type is an 8-bit unsigned integer ranging from 0 to 2^8-1 (255). In computer programming, an integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits – either larger than the maximum or lower than the minimum representable value. In the Solidity versions used by the samples below (0.4.x) this is not reported as an error: the result silently wraps around, so in uint8 arithmetic 255 + 1 yields 0 and 0 - 1 yields 255.

## Remediation

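It is recommended to use vetted safe math libraries for arithmetic operations consistently throughout the smart contract system. Consistency matters: the BECToken.sol sample below uses SafeMath for every operation except one multiplication, and that single unchecked operation is enough to undo the protection. Solidity 0.8.0 and later revert on overflow and underflow by default, so in those versions the review should focus on code inside `unchecked` blocks.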

## Samples

### tokensalechallenge.sol

``````/*
* @source: https://capturetheether.com/challenges/math/token-sale/
* @author: Steve Marx
*/

pragma solidity ^0.4.21;

// Token sale at a fixed price of 1 ether per token: buy() credits tokens against
// payment, sell() debits them and pays the caller back.
// NOTE(review): `balanceOf` is read and written below but never declared, and
// isComplete() has an empty body; both appear to be lines missing from this
// listing, which will not compile as shown.
contract TokenSaleChallenge {
uint256 constant PRICE_PER_TOKEN = 1 ether;

// Constructor (pre-0.4.22 form, named after the contract). Deployment must carry
// exactly 1 ether. `_player` is not used in the visible code.
function TokenSaleChallenge(address _player) public payable {
require(msg.value == 1 ether);
}

// NOTE(review): no return statement is visible, so as listed this returns the
// default value `false`.
function isComplete() public view returns (bool) {
}

// Credits `numTokens` to the caller if the attached value equals the total price.
function buy(uint256 numTokens) public payable {
// Vulnerable: the product is computed in unchecked uint256 arithmetic. For a
// large enough numTokens it wraps modulo 2^256, so the payment check no longer
// ties the ether paid to the number of tokens credited.
// Mitigation: a checked multiplication (e.g. SafeMath.mul) that reverts on wrap.
require(msg.value == numTokens * PRICE_PER_TOKEN);

// Also unchecked: the balance itself can wrap on repeated large purchases.
balanceOf[msg.sender] += numTokens;
}

// Debits `numTokens` from the caller and pays out their price in ether.
function sell(uint256 numTokens) public {
// This guard makes the subtraction below safe from underflow.
require(balanceOf[msg.sender] >= numTokens);

balanceOf[msg.sender] -= numTokens;
// Same unchecked product as in buy(); it is only as trustworthy as the
// balance that buy() recorded.
msg.sender.transfer(numTokens * PRICE_PER_TOKEN);
}
}
``````

### integer_overflow_mapping_sym_1.sol

``````//Single transaction overflow

pragma solidity ^0.4.11;

// Vulnerable sample: one call is enough to underflow a mapping entry.
contract IntegerOverflowMappingSym1 {
mapping(uint256 => uint256) map;

// Subtracts `v` from the entry stored under key `k`.
function init(uint256 k, uint256 v) public {
// Vulnerable: unchecked subtraction on caller-supplied values. Whenever
// v > map[k] (unset entries read as 0) the result wraps modulo 2^256 and a
// very large value is written to storage instead of the call reverting.
map[k] -= v;
}
}
``````

### integer_overflow_mapping_sym_1_fixed.sol

``````//Single transaction overflow
//Safe version

pragma solidity ^0.4.16;

// Safe counterpart of the mapping underflow sample: the subtraction is routed
// through a checked helper, so an underflow reverts the call.
contract IntegerOverflowMappingSym1 {
    mapping(uint256 => uint256) map;

    // Subtracts `v` from the entry stored under key `k`; reverts if v exceeds it.
    function init(uint256 k, uint256 v) public {
        uint256 current = map[k];
        map[k] = sub(current, v);
    }

    // Checked subtraction taken from SafeMath (SafeMath itself uses assert
    // rather than require for this condition).
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(a >= b);
        uint256 difference = a - b;
        return difference;
    }
}
``````

### integer_overflow_minimal.sol

``````//Single transaction overflow
//Post-transaction effect: overflow escapes to publicly-readable storage

pragma solidity ^0.4.19;

// Vulnerable sample: the wrapped result lands in a public state variable.
contract IntegerOverflowMinimal {
// Starts at 1; `public` generates a getter, so the stored value is readable by anyone.
uint public count = 1;

// Subtracts the caller-supplied `input` from `count`.
function run(uint256 input) public {
// Vulnerable: unchecked subtraction. Any input greater than the current count
// wraps modulo 2^256 and stores a very large value instead of reverting.
count -= input;
}
}
``````

### integer_overflow_minimal_fixed.sol

``````//Single transaction overflow
//Post-transaction effect: overflow escapes to publicly-readable storage
//Safe version

pragma solidity ^0.4.19;

// Safe counterpart of the minimal underflow sample: `count` can only be lowered
// through a checked subtraction.
contract IntegerOverflowMinimal {
    uint public count = 1;

    // Lowers `count` by `input`; reverts when input exceeds the current count.
    function run(uint256 input) public {
        uint256 remaining = sub(count, input);
        count = remaining;
    }

    // Checked subtraction taken from SafeMath (SafeMath itself uses assert
    // rather than require for this condition).
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(a >= b);
        uint256 difference = a - b;
        return difference;
    }
}
``````

### integer_overflow_mul.sol

``````//Single transaction overflow
//Post-transaction effect: overflow escapes to publicly-readable storage

pragma solidity ^0.4.19;

// Vulnerable sample: multiplication overflow written to a public state variable.
contract IntegerOverflowMul {
// Starts at 2; `public` generates a getter for the stored value.
uint public count = 2;

// Multiplies `count` by the caller-supplied `input`.
function run(uint256 input) public {
// Vulnerable: unchecked multiplication. Once count * input exceeds 2^256 - 1
// the product wraps and the stored value no longer reflects the real result.
count *= input;
}
}
``````

### integer_overflow_mul_fixed.sol

``````//Single transaction overflow
//Post-transaction effect: overflow escapes to publicly-readable storage
//Safe version

pragma solidity ^0.4.19;

// Safe counterpart of the multiplication overflow sample: the product is
// verified before it is stored.
contract IntegerOverflowMul {
    uint public count = 2;

    // Multiplies `count` by `input`; reverts when the product does not fit in uint256.
    function run(uint256 input) public {
        uint256 scaled = mul(count, input);
        count = scaled;
    }

    // Checked multiplication taken from SafeMath.
    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        // Only 'a' is tested against zero: that is all the division below needs,
        // and testing 'b' as well would cost more gas than it saves.
        // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522
        if (a != 0) {
            uint256 product = a * b;
            // If the multiplication wrapped, dividing back does not recover b.
            require(product / a == b);
            return product;
        }

        return 0;
    }
}
``````

### integer_overflow_multitx_multifunc_feasible.sol

``````/*
* @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
* @author: Suhabe Bugrara
*/

//Multi-transactional, multi-function
//Arithmetic instruction reachable

pragma solidity ^0.4.23;

// Vulnerable sample: the underflow needs two transactions to two different
// functions (init() first, then run()).
contract IntegerOverflowMultiTxMultiFuncFeasible {
// Gate flag: run() does nothing until this is non-zero.
uint256 private initialized = 0;
uint256 public count = 1;

// Opens the gate. Callable by anyone, so the guard in run() is not an access control.
function init() public {
initialized = 1;
}

// No visibility is declared; in this compiler version that defaults to public.
function run(uint256 input) {
if (initialized == 0) {
return;
}

// Vulnerable: unchecked subtraction, reachable once init() has been called.
// Any input greater than count wraps modulo 2^256.
count -= input;
}
}
``````

### integer_overflow_multitx_multifunc_feasible_fixed.sol

``````/*
* @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
* @author: Suhabe Bugrara
*/

//Multi-transactional, multi-function
//Arithmetic instruction reachable (Safe)

pragma solidity ^0.4.23;

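// Safe counterpart of the multi-transaction, multi-function sample: the
// subtraction is still reachable after init(), but it reverts on underflow.
contract IntegerOverflowMultiTxMultiFuncFeasible {
    // Gate flag: run() does nothing until this is non-zero.
    uint256 private initialized = 0;
    uint256 public count = 1;

    // Opens the gate. Callable by anyone.
    function init() public {
        initialized = 1;
    }

    // Lowers `count` by `input` once init() has been called; reverts when input
    // exceeds the current count. Visibility is now spelled out: it was omitted,
    // which in 0.4.x silently means public and hides the fact that anyone can call this.
    function run(uint256 input) public {
        if (initialized == 0) {
            return;
        }

        count = sub(count, input);
    }

    // Checked subtraction taken from SafeMath (SafeMath itself uses assert
    // rather than require for this condition).
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a);
        return a - b;
    }
}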
``````

### integer_overflow_multitx_onefunc_feasible.sol

``````/*
* @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
* @author: Suhabe Bugrara
*/

//Multi-transactional, single function
//Arithmetic instruction reachable

pragma solidity ^0.4.23;

// Vulnerable sample: the underflow needs two transactions to the same function.
contract IntegerOverflowMultiTxOneFuncFeasible {
// Gate flag, set by the first call to run().
uint256 private initialized = 0;
uint256 public count = 1;

function run(uint256 input) public {
// The first call only flips the flag and returns; every later call falls through.
if (initialized == 0) {
initialized = 1;
return;
}

// Vulnerable: unchecked subtraction, reachable from the second call onwards.
// Any input greater than count wraps modulo 2^256.
count -= input;
}
}
``````

### integer_overflow_multitx_onefunc_feasible_fixed.sol

``````/*
* @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
* @author: Suhabe Bugrara
*/

//Multi-transactional, single function
//Arithmetic instruction reachable (Safe)

pragma solidity ^0.4.23;

// Safe counterpart of the multi-transaction, single-function sample: the
// subtraction stays reachable from the second call on, but reverts on underflow.
contract IntegerOverflowMultiTxOneFuncFeasible {

    uint256 private initialized = 0;
    uint256 public count = 1;

    // First call: sets the flag and leaves `count` untouched.
    // Later calls: lower `count` by `input`, reverting when input exceeds it.
    function run(uint256 input) public {
        if (initialized != 0) {
            count = sub(count, input);
        } else {
            initialized = 1;
        }
    }

    // Checked subtraction taken from SafeMath (SafeMath itself uses assert
    // rather than require for this condition).
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(a >= b);
        uint256 difference = a - b;
        return difference;
    }
}
``````

### integer_overflow_multitx_onefunc_infeasible.sol

``````/*
* @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
* @author: Suhabe Bugrara
*/

//Multi-transactional, single function
//Overflow infeasible because arithmetic instruction not reachable

pragma solidity ^0.4.23;

// Negative sample for analyzers: the unchecked subtraction exists but cannot be
// reached, so reporting it is a false positive.
contract IntegerOverflowMultiTxOneFuncInfeasible {
// Never assigned anywhere in this contract after its initial value of 0.
uint256 private initialized = 0;
uint256 public count = 1;

function run(uint256 input) public {
// Always taken: nothing in the contract sets `initialized` to a non-zero value.
if (initialized == 0) {
return;
}

// Unchecked, but unreachable as long as the guard above cannot be passed.
// Adding any code path that sets `initialized` would make this exploitable.
count -= input;
}
}
``````

``````pragma solidity 0.4.24;

// NOTE(review): this listing is incomplete. The contract header and the header
// of the function that receives `deposit` are missing, so it will not compile as shown.
uint public balance = 1;

// Vulnerable: unchecked addition. If balance + deposit exceeds 2^256 - 1 the sum
// wraps and the stored balance becomes smaller than before the deposit.
balance += deposit;
}
}
``````

``````pragma solidity ^0.4.24;

// NOTE(review): this listing is incomplete. The contract header and the function
// that presumably updates `balance` through add() are missing; only its closing
// brace is left.
uint public balance = 1;

}

//from SafeMath
// Checked addition: returns a + b, reverting when the sum does not fit in uint256.
function add(uint256 a, uint256 b) internal pure returns (uint256) {
    uint256 sum = a + b;
    // A wrapped sum is always smaller than the first operand.
    require(a <= sum);
    return sum;
}
}
``````

### BECToken.sol

``````pragma solidity ^0.4.16;

/**
* @title SafeMath
* @dev Math operations with safety checks that throw on error
*/
// Checked arithmetic for uint256: every helper reverts instead of returning a
// wrapped result. The protection only applies to operations that are actually
// routed through these helpers.
library SafeMath {
// Returns a * b; reverts if the product wrapped.
function mul(uint256 a, uint256 b) internal constant returns (uint256) {
uint256 c = a * b;
// a == 0 is tested first so the division is never by zero; otherwise a
// wrapped product fails to divide back to b.
require(a == 0 || c / a == b);
return c;
}

// Returns a / b. No explicit check is made here (see the commented-out lines).
function div(uint256 a, uint256 b) internal constant returns (uint256) {
// require(b > 0); // Solidity automatically throws when dividing by 0
uint256 c = a / b;
// require(a == b * c + a % b); // There is no case in which this doesn't hold
return c;
}

// Returns a - b; reverts if b is larger than a (underflow).
function sub(uint256 a, uint256 b) internal constant returns (uint256) {
require(b <= a);
return a - b;
}

// Returns a + b; reverts if the sum wrapped (a wrapped sum is smaller than a).
function add(uint256 a, uint256 b) internal constant returns (uint256) {
uint256 c = a + b;
require(c >= a);
return c;
}
}

/**
* @title ERC20Basic
* @dev Simpler version of ERC20 interface
* @dev see https://github.com/ethereum/EIPs/issues/179
*/
// Abstract interface: the two functions are declared without bodies and are
// implemented by BasicToken.
contract ERC20Basic {
// Total number of token units in existence.
uint256 public totalSupply;
function balanceOf(address who) public constant returns (uint256);
function transfer(address to, uint256 value) public returns (bool);
}

/**
* @title Basic token
* @dev Basic version of StandardToken, with no allowances.
*/
// NOTE(review): `balances` and the `Transfer` event are used below but not
// declared anywhere in this listing; the declarations appear to have been lost.
contract BasicToken is ERC20Basic {
// Attaches the SafeMath helpers to uint256, enabling the x.sub(y) call form.
using SafeMath for uint256;

/**
* @dev transfer token for a specified address
* @param _to The address to transfer to.
* @param _value The amount to be transferred.
* @return true on success; failed checks revert rather than return false.
*/
function transfer(address _to, uint256 _value) public returns (bool) {
require(_value > 0 && _value <= balances[msg.sender]);

// SafeMath.sub will throw if there is not enough balance.
balances[msg.sender] = balances[msg.sender].sub(_value);
// NOTE(review): as listed, the sender is debited but `_to` is never credited;
// the crediting statement appears to be missing from this listing.
Transfer(msg.sender, _to, _value);
return true;
}

/**
* @dev Gets the balance of the specified address.
* @param _owner The address to query the balance of.
* @return An uint256 representing the amount owned by the passed address.
*/
function balanceOf(address _owner) public constant returns (uint256 balance) {
return balances[_owner];
}
}

/**
* @title ERC20 interface
* @dev see https://github.com/ethereum/EIPs/issues/20
*/
// Abstract extension of ERC20Basic. Only approve() is declared in this listing.
// NOTE(review): PausableToken calls super.transferFrom(), so further
// declarations are presumably missing here.
contract ERC20 is ERC20Basic {
function approve(address spender, uint256 value) public returns (bool);
}

/**
* @title Standard ERC20 token
*
* @dev Implementation of the basic standard token.
* @dev https://github.com/ethereum/EIPs/issues/20
* @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
*/
// NOTE(review): this listing is incomplete. The `allowed` mapping and the
// `Approval` event are not declared, and two function headers are missing (see
// the notes below), so the contract will not compile as shown.
contract StandardToken is ERC20, BasicToken {

/**
* @dev Transfer tokens from one address to another
* @param _from address The address which you want to send tokens from
* @param _to address The address which you want to transfer to
* @param _value uint256 the amount of tokens to be transferred
*/
// NOTE(review): the function header is missing here. PausableToken calls
// super.transferFrom(_from, _to, _value), so this is presumably that body.
require(_value > 0 && _value <= balances[_from]);
require(_value <= allowed[_from][msg.sender]);

// Both debits go through SafeMath.sub and revert on underflow.
balances[_from] = balances[_from].sub(_value);
allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);
// NOTE(review): as listed, `_to` is never credited; the statement appears to be missing.
Transfer(_from, _to, _value);
return true;
}

/**
* @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.
*
* Beware that changing an allowance with this method brings the risk that someone may use both the old
* and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this
* race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
* @param _spender The address which will spend the funds.
* @param _value The amount of tokens to be spent.
*/
function approve(address _spender, uint256 _value) public returns (bool) {
// Overwrites any previous allowance; no arithmetic is involved.
allowed[msg.sender][_spender] = _value;
Approval(msg.sender, _spender, _value);
return true;
}

/**
* @dev Function to check the amount of tokens that an owner allowed to a spender.
* @return A uint256 specifying the amount of tokens still available for the spender.
*/
// NOTE(review): the function header is missing here; the body reads the
// allowance for (_owner, _spender).
return allowed[_owner][_spender];
}
}

/**
* @title Ownable
* @dev The Ownable contract has an owner address, and provides basic authorization control
* functions, this simplifies the implementation of "user permissions".
*/
// NOTE(review): `owner` and the `OwnershipTransferred` event are used below but
// not declared in this listing; the declarations appear to have been lost.
contract Ownable {

/**
* @dev The Ownable constructor sets the original `owner` of the contract to the sender
* account.
*/
// Pre-0.4.22 constructor form; no visibility is declared.
function Ownable() {
owner = msg.sender;
}

/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
require(msg.sender == owner);
_;
}

/**
* @dev Allows the current owner to transfer control of the contract to a newOwner.
* @param newOwner The address to transfer ownership to.
*/
function transferOwnership(address newOwner) onlyOwner public {
// NOTE(review): as listed, newOwner is not validated, so ownership can be
// handed to the zero address.
OwnershipTransferred(owner, newOwner);
owner = newOwner;
}

}

/**
* @title Pausable
* @dev Base contract which allows children to implement an emergency stop mechanism.
*/
// Emergency stop switch controlled by the owner. It only protects functions
// that carry the whenNotPaused modifier.
contract Pausable is Ownable {
event Pause();
event Unpause();

// Current state of the switch; contracts start unpaused.
bool public paused = false;

/**
* @dev Modifier to make a function callable only when the contract is not paused.
*/
modifier whenNotPaused() {
require(!paused);
_;
}

/**
* @dev Modifier to make a function callable only when the contract is paused.
*/
modifier whenPaused() {
require(paused);
_;
}

/**
* @dev called by the owner to pause, triggers stopped state
*/
function pause() onlyOwner whenNotPaused public {
paused = true;
Pause();
}

/**
* @dev called by the owner to unpause, returns to normal state
*/
function unpause() onlyOwner whenPaused public {
paused = false;
Unpause();
}
}

/**
* @title Pausable token
*
* @dev StandardToken modified with pausable transfers.
**/

// Wraps the StandardToken entry points with whenNotPaused and adds a batch
// transfer, which holds the integer overflow this sample illustrates.
contract PausableToken is StandardToken, Pausable {

function transfer(address _to, uint256 _value) public whenNotPaused returns (bool) {
return super.transfer(_to, _value);
}

function transferFrom(address _from, address _to, uint256 _value) public whenNotPaused returns (bool) {
return super.transferFrom(_from, _to, _value);
}

function approve(address _spender, uint256 _value) public whenNotPaused returns (bool) {
return super.approve(_spender, _value);
}

// NOTE(review): the header of the batch-transfer function is missing from this
// listing; `cnt` and `_value` are not declared in the visible code.
// Vulnerable: this is the only arithmetic in the token that bypasses SafeMath.
// The product is unchecked, so a large _value makes it wrap modulo 2^256 even
// though cnt is capped at 20 below. `amount` then no longer equals cnt * _value,
// and the balance check and the debit both operate on the wrapped number.
// Mitigation: compute it with SafeMath.mul so the call reverts on overflow.
uint256 amount = uint256(cnt) * _value;
require(cnt > 0 && cnt <= 20);
require(_value > 0 && balances[msg.sender] >= amount);

// Checked, but it subtracts `amount`, which may already be wrong.
balances[msg.sender] = balances[msg.sender].sub(amount);
// NOTE(review): the loop body is empty in this listing; presumably it
// credited _value to each receiver. Confirm against the original source.
for (uint i = 0; i < cnt; i++) {
}
return true;
}
}

/**
* @title Bec Token
*
* @dev Implementation of Bec Token based on the basic standard token.
*/
// Concrete token: sets the metadata, mints the full supply to the deployer and
// rejects plain ether transfers. It inherits the batch-transfer overflow from
// PausableToken.
contract BecToken is PausableToken {
/**
* Public variables of the token
* The following variables are OPTIONAL vanities. One does not have to include them.
* They allow one to customise the token contract & in no way influences the core functionality.
* Some wallets/interfaces might not even bother to look at this information.
*/
string public name = "BeautyChain";
string public symbol = "BEC";
string public version = '1.0.0';
uint8 public decimals = 18;

/**
* @dev Constructor: sets totalSupply to 7,000,000,000 tokens scaled by
* 10**decimals and assigns all of it to the deploying account.
*/
function BecToken() {
// `decimals` is widened to uint256 before the exponentiation.
totalSupply = 7000000000 * (10**(uint256(decimals)));
balances[msg.sender] = totalSupply;    // Give the creator all initial tokens
}

// Fallback function: rejects any call that matches no other function.
function () {
//if ether is sent to this address, send it back.
revert();
}
}
``````