smart-contract-attack-vectors icon indicating copy to clipboard operation
smart-contract-attack-vectors copied to clipboard

verified publisher icon harendra-shakya

Metadata

A curated list of smart contract attack vectors

trafficstars

Smart contract attack vectors

The goal of this repository is to compile all possible smart contract vulnerabilities and resources for learning about them.

Feel free to submit a pull request, with anything from small fixes to docs or tools you'd like to add.

Support Project

List of Security Vulnerabilities

  • Access Control
    • Authentication With tx.origin
    • Default Visibility
    • Signature Verification
    • Unprotected Ether Withdrawal
    • Unprotected SELFDESTRUCT Instruction
    • Missed Modifier
    • Incorrect Modifier Names
    • Overpowered Roles
  • Account Existence Check for low level calls
  • Arbitrary Jumps with Function Variables
  • Assert Violation
  • Bypass Contract Size Check
  • Code With No Effects
  • Complex Modifiers
  • DOS
    • Unexpected Revert
    • Block Gas Limit
    • External Calls without Gas Stipends
  • Dirty Higher Order Bits
  • Entropy Illusion / Insecure Randomness
  • Experimental Language Features
  • External Contract Referencing
  • Flash Loan Attacks
  • Floating Point Arithmetic
  • Frontend (Off Chain) Attacks
    • Short Address Attack
  • Force Feeding
  • Function Selector Abuse
  • Griefing
  • Hiding Malicious Code
  • Historic Attacks
    • Constructor Names
    • Call Depth Attack
    • Solidity Abi Encoder v2 Bug
  • Improper Array Deletion
  • Incorrect Interface
  • Insufficient Gas Attacks
  • Integer Arithmetic
  • Loop through long arrays
  • Message call with hardcoded gas amount
  • Miner Attacks
    • Transaction Ordering / Frontrunning
    • Timestamp Manipulation
  • Offline Owner
  • Oracle Manipulation
  • Outdated Compiler
  • Payable Multicall
  • Precision Loss in Calculations
  • Privacy Illusion
  • Proxy Storage Collision
  • Reentrancy
  • Right-To-Left-Override control character (U+202E)
  • Sandwich Attacks
  • Signature Replay
  • Unchecked External Calls
  • Uninitialized Storage Pointers
  • Unprotected Upgrades
  • Unsafe Delegatecalls
  • Unused Variable
  • Use of Deprecated Solidity Functions
  • Variable Shadowing
  • Writes to Arbitrary Storage Locations
  • Wrong inheritance

CTFs

Security Tools

Articles / Papers to read

  • Blockchain Security Roadmap - https://lnkd.in/gPw7Nf4J

  • The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts - https://lnkd.in/gnzDrXaH

  • BLOCKEYE - Hunting For DeFi Attacks on Blockchain - https://lnkd.in/gvxmW8Hu

  • Topological Anomaly Detection in Dynamic Multilayer Blockchain Networks - https://lnkd.in/gPG6vrAM

  • Verification of the Incremental Merkle Tree Algorithm with Dafny - https://lnkd.in/gfk3YrEd

  • GoHammer Blockchain Performance Test Tool - https://lnkd.in/gHhjWdHj

  • EtherClue: Digital investigation of attacks on Ethereum smart contracts - https://lnkd.in/gvuaaKaT

  • Requirement Analyses and Evaluations of Blockchain Platforms per Possible Use Cases - https://lnkd.in/g7G9Rpxj

  • A Note on Privacy in Constant Function Market Makers - https://lnkd.in/guEEV7Gm

  • An approach to detect Denial of Service Vulnerability in Ethereum Smart Contracts - https://lnkd.in/gT3C-9fq

  • AGSolT: a Tool for Automated Test-Case Generation for Solidity Smart Contracts - https://lnkd.in/gYDvEndF

  • Reentrancy Vulnerability Identification in Ethereum Smart Contracts - https://lnkd.in/g6EVMjpg

  • Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities - https://lnkd.in/gqTS47JW

  • SuMo: A Mutation Testing Strategy for Solidity Smart Contracts - https://lnkd.in/gm_ut_ev

  • A Framework and DataSet for Bugs in Ethereum Smart Contracts - https://lnkd.in/gGNzC8iz

  • Extracting Smart Contracts Tested and Verified in Coq - https://lnkd.in/gYv2VgFJ

  • Trustless, privacy-preserving blockchain bridges - https://lnkd.in/gxzndTd2

  • Security checklists for Ethereum smart contract development: patterns and best practices - https://lnkd.in/grF8DuMU

  • Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning - https://lnkd.in/gpbsEGve

  • Targeting the Weakest Link: Social Engineering Attacks in Ethereum Smart Contracts - https://lnkd.in/g38PzXy3

  • OptSmart: A Space Efficient Optimistic Concurrent Execution of Smart Contracts - https://lnkd.in/gFJhgamn

  • DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode - https://lnkd.in/gKNNN34h

  • Profiling Gas Leaks in Solidity Smart Contracts - https://lnkd.in/g2dMHYac

  • Ethereum SmartContract Vulnerability Detection using Deep Neural Network and Transfer Learning - https://lnkd.in/gV8Thsxe

Other useful resources

Support Me

Your support is crucial to help me continue doing what I love - educating DeFi & Crypto users.

If you find value in my work and want to support my work, you can send me a donation to the address -

Much much thanks every single one of you! Your support enables me to create more content, improve the quality of my work, and ultimately make a positive impact on the community.

Drop me a message on LinkedIn if you have any doubts or need any help -

Linktree

Thank you! Stay safe!

Metadata

487
Stars
99
Forks
Watchers

Owner

verified publisher icon harendra-shakya

Metadata

A curated list of smart contract attack vectors

Back