Should I Trust Smart Contracts?!

This issue also triggered another wave of criticism towards Smart Contracts, in general, and Ethereum, specifically and many have started to argue that smart contracts, being so buggy and unreliable, just shouldn’t be trusted.

TL;DR: this was a very silly and very easy issue to avoid. Not only that a hobbyist Smart Contract auditor could’ve discovered this issue, but also almost every prominent static code analyzer. For example, by running our beloved Mythril analyzer against the original code:

A silly bug by a dangerously irresponsible development team. Not only that, but this bug wasn’t of the ERC20 standard implementation, but part of some premature gas cost optimization.

Is it a reason to be more vigilant and properly test our codes? Yes!

Is it a reason to bash the whole Ethereum Smart Contracts developers community? God, no!

BatchOverflow Explained

So, believe it or not, the issue is actually unbelievably trivial and easy to avoid. It’s just another example of an integer overflow bug, which is very well known and documented (for example, here: https://consensys.github.io/smart-contract-best-practices/known_attacks/#integer-overflow-and-underflow) and is very easy to avoid:

An overflow is when a number gets incremented above its maximum value. Since Ethereum Smart Contracts can only handle up to 256 bit numbers, incrementing the maximum unsigned integer by 1 would result into 0.