Money for nothing with smart contracts

August 29, 2019

Are you interested in smart contracts? Do you know what integer overflow is? In fact, integer overflow is a problem from the realm of programming, but a smart contract is in essence a program, so you might want to understand what it is all about.

Simply put, if an unsigned integer is stored in a single, byte-long memory cell, it can take only  those values ranging from 0 to 255. That means, if no further conditions are specified, 255 + 1 = 0. More worrying, 0 – 1 = 255. This is how most modern processors process this data.

In many modern programming languages, the program itself controls whether an overflow has occurred during arithmetic operations. If it has, chances are that’s not what the programmer had in mind, so it is best to interrupt the program and make sure it won’t cause bugs later on.

What do smart contracts have to do with all this?

No such control is provided in smart contracts for Ethereum when processing money. In other words, if you have zero tokens and send one to friend, you will get a quintillion tokens. Obviously, the program should be interrupted right then, and the incorrect transaction canceled.

Why Ethereum developers would implement their arithmetic that way is a mystery. But for universal human math rules to apply to smart contracts, every smart contract programmer has to add more than 100 lines of code containing the normal functions for addition, multiplication, and so forth.

Otherwise, with a quintillion credited to their account, the sky’s the limit. A swindler could enter a cryptocurrency exchange and buy all the bitcoins or ether they want. At any price.

That scenario isn’t purely theoretical; it’s actually happened a number of times with several types of currency. Usually, we learn about the code problem after the perpetrator has pulled off the trick and disappeared with full pockets. But even after that, nothing can be done: smart contracts are written in stone, they cannot be changed or patched.

Overflow and Bitcoin

Truth be told, the problem of integer overflow is not limited to Ethereum. Long before it, Bitcoin had the same problem, too.

Integer overflow caused two Bitcoin wallets to end up with 184 billion bitcoins on August 15, 2010. Needless to say, this was not a welcome development for the founders. They (i.e., Satoshi Nakamoto) quickly modified the code, fixed the bug, rolled back the financial history, and pretended nothing had happened.

But what does history rollback mean? An example: If I bought $10,000 worth of bitcoins on that particular day, the rollback would cause my bitcoins to fly back to the seller — unlike my dollars, which I wouldn’t get back. And if a rollback were performed now instead of back in 2010, the consequences would be colossal, because now, every day sees about $5 billion worth of bitcoin trades.

The preceding, and other cases as well, demonstrates that blockchain is unchangeable only if everything goes according to plan. Otherwise, both plan and blockchain can be changed.

Back to smart contracts

The Ethereum developers’ decision seems rather weird — it looks as though they have arranged traps for smart contract programmers. You have to be very experienced or focused (or both) to save yourself or your investors from potentially losing all of your money overnight. And that is yet another reason smart contract code needs careful verification. As part of Kaspersky Token Offering Security, our experts analyze smart contracts code for vulnerabilities and undocumented features. You can read more about it on our Token Offering Security page.