Security of Smart Contracts 1: Overflow

In Solidity versions before 0.6, arithmetic overflow is not checked. For a uint8 variable, whose maximum value is 255, adding 1 to 255 wraps the value around to 0.

An example of how an attacker can exploit the contract.

When the attacker calls transfer without any balance, the value overflows and becomes a very large amount, so the attacker ends up with a very large amount of tokens.
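The pattern described above, next to a hardened form, as an added example that is not the original post's code. The contract name, function names and initial supply are hypothetical, and a 0.5.x compiler is assumed so that arithmetic is unchecked.

```solidity
// Added example (constructed). Assumes a 0.5.x compiler, where arithmetic is unchecked.
pragma solidity ^0.5.0;

contract OverflowDemo {
    mapping(address => uint256) public balances;

    constructor() public {
        // Constructed initial supply, credited to the deployer.
        balances[msg.sender] = 1000;
    }

    // The uint8 case from the text: the addition wraps instead of reverting.
    function wrapUint8() public pure returns (uint8) {
        uint8 x = 255;
        x += 1;
        return x;
    }

    // VULNERABLE: no balance check before the subtraction. A caller whose
    // balance is smaller than `value` makes the subtraction wrap, leaving
    // the caller with a huge balance instead of failing the call.
    function transferUnchecked(address to, uint256 value) public {
        balances[msg.sender] -= value;
        balances[to] += value;
    }

    // HARDENED: validate before every arithmetic step.
    function transferChecked(address to, uint256 value) public {
        // Reject the call outright if the sender cannot cover `value`.
        require(balances[msg.sender] >= value, "insufficient balance");
        balances[msg.sender] -= value;

        // Read the recipient balance after the debit so a self-transfer
        // nets to zero, and reject a sum that wrapped past the maximum.
        uint256 newBalance = balances[to] + value;
        require(newBalance >= value, "balance overflow");
        balances[to] = newBalance;
    }
}
```

A failed `require` reverts the whole call, so the debit in `transferChecked` is undone if the recipient-side check fails.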
