Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

apegurus/overflow-underflow

Name: overflow-underflow
Author: apegurus

skills/vulnerability-patterns/overflow-underflow/SKILL.md

npx skillsauth add apegurus/solidity-argus overflow-underflow

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Integer Overflow and Underflow

Preconditions

Solidity <0.8.0 without SafeMath, OR
Arithmetic inside unchecked { } blocks, OR
Arithmetic inside assembly { } / Yul blocks, OR
Type downcasting (e.g., uint8(uint256Var)), OR
Shift operators (<<, >>) on values near type boundaries

Vulnerable Pattern

// Pre-0.8.0: wraps silently
uint256 balance = 0;
balance -= 1; // Underflows to 2^256 - 1

// Post-0.8.0 bypass via unchecked block
unchecked {
    uint256 x = type(uint256).max;
    x += 1; // Wraps to 0, no revert
}

// Type downcast truncation (all versions)
uint256 big = 256;
uint8 small = uint8(big); // Silently truncates to 0

// Assembly arithmetic (all versions)
assembly {
    let x := sub(0, 1) // Underflows to max uint256
}

Detection Heuristics

Check the Solidity version: if <0.8.0, flag ALL arithmetic operations not wrapped in SafeMath
If >=0.8.0, search for unchecked blocks and audit every arithmetic operation inside them
Search for assembly blocks and audit all add, sub, mul, div, shl, shr operations within
Search for type downcasts: patterns like uint8(, uint16(, int8(, etc. — verify the source value is bounds-checked before casting
Search for shift operations (<<, >>) and verify the operand cannot overflow the target type
Check if overflow-induced reverts on critical paths could cause DoS

False Positives

Solidity >=0.8.0 arithmetic outside of unchecked and assembly blocks (automatically checked)
unchecked blocks used only for loop counter increments (i++) where overflow is impossible due to bounded loop
Downcasts where the value is validated to fit the target type before casting (e.g., require(x <= type(uint8).max))
Assembly arithmetic on values with proven bounds

Remediation

For Solidity <0.8.0: use OpenZeppelin's SafeMath for all arithmetic
For >=0.8.0: minimize unchecked blocks to only provably safe operations (e.g., bounded loop counters)
Use OpenZeppelin's SafeCast library for all type downcasts
Validate bounds before assembly arithmetic

// Safe downcast
import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";
uint8 small = SafeCast.toUint8(big); // Reverts if big > 255

apegurus/overflow-underflow

skills/vulnerability-patterns/overflow-underflow/SKILL.md

Integer overflow and underflow vulnerabilities in Solidity contracts

tools

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus overflow-underflow

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:30 AM179.3s1 file scanned

SKILL.md

name:: overflow-underflow
description:: Unchecked arithmetic block requiring manual overflow review
pattern_category:: logic-error
source_url:: https://github.com/kadenzipfel/smart-contract-vulnerabilities
source_license:: MIT
imported_at:: 2025-01-15T00:00:00Z
- regex:: unchecked\s*\{
severity:: Medium
confidence:: High
swc:: SWC-101

Integer Overflow and Underflow

Preconditions

Solidity <0.8.0 without SafeMath, OR
Arithmetic inside unchecked { } blocks, OR
Arithmetic inside assembly { } / Yul blocks, OR
Type downcasting (e.g., uint8(uint256Var)), OR
Shift operators (<<, >>) on values near type boundaries

Vulnerable Pattern

// Pre-0.8.0: wraps silently
uint256 balance = 0;
balance -= 1; // Underflows to 2^256 - 1

// Post-0.8.0 bypass via unchecked block
unchecked {
    uint256 x = type(uint256).max;
    x += 1; // Wraps to 0, no revert
}

// Type downcast truncation (all versions)
uint256 big = 256;
uint8 small = uint8(big); // Silently truncates to 0

// Assembly arithmetic (all versions)
assembly {
    let x := sub(0, 1) // Underflows to max uint256
}

Detection Heuristics

Check the Solidity version: if <0.8.0, flag ALL arithmetic operations not wrapped in SafeMath
If >=0.8.0, search for unchecked blocks and audit every arithmetic operation inside them
Search for assembly blocks and audit all add, sub, mul, div, shl, shr operations within
Search for type downcasts: patterns like uint8(, uint16(, int8(, etc. — verify the source value is bounds-checked before casting
Search for shift operations (<<, >>) and verify the operand cannot overflow the target type
Check if overflow-induced reverts on critical paths could cause DoS

False Positives

Solidity >=0.8.0 arithmetic outside of unchecked and assembly blocks (automatically checked)
unchecked blocks used only for loop counter increments (i++) where overflow is impossible due to bounded loop
Downcasts where the value is validated to fit the target type before casting (e.g., require(x <= type(uint8).max))
Assembly arithmetic on values with proven bounds

Remediation

For Solidity <0.8.0: use OpenZeppelin's SafeMath for all arithmetic
For >=0.8.0: minimize unchecked blocks to only provably safe operations (e.g., bounded loop counters)
Use OpenZeppelin's SafeCast library for all type downcasts
Validate bounds before assembly arithmetic

// Safe downcast
import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";
uint8 small = SafeCast.toUint8(big); // Reverts if big > 255

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/vulnerability-patterns/overflow-underflow ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT