Token

Start with 20 tokens and end up with a large amount, exploiting an underflow vulnerability.

Vulnerable Code

Analyze the Solidity code below to find the vulnerability.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Token {

  mapping(address => uint) balances;
  uint public totalSupply;

  constructor(uint _initialSupply) {
    totalSupply = _initialSupply;
    balances[msg.sender] = _initialSupply;
  }

  function transfer(address _to, uint _value) public returns (bool) {
    require(balances[msg.sender] - _value >= 0); // Vulnerable line
    balances[msg.sender] -= _value;
    balances[_to] += _value;
    return true;
  }

  function balanceOf(address _owner) public view returns (uint balance) {
    return balances[_owner];
  }
}

Submit Explanation

Explain the vulnerability and how to exploit it.

Your Explanation

Hints (4)

Just a little peak

Hint 1

Hint 2

Hint 3

Hint 4

Explanation

Discomfort = Learning

Token

Unveil Explanation