Solidity-Attack-Vectors
Solidity-Attack-Vectors copied to clipboard
Published
20 hours ago •
Quillhash
Quillhash
This Repository contains list of Common Solidity SmartContract Attack Vectors. If you find any attack vectors missing, you can create a pull request and be a contributor of the project.
Solidity Smart Contract Attack Vectors:
This Repository contains list of Solidity Attack Vectors. It includes most solidity vulnerabilities collected from various sources like SWC Registry, DeFi threat, DASP Top-10 and contents all over Internet. You can click each attack vectors and find details about it. This repository will be actively maintained and updated by QuillAudits.
If you find any attack vectors missing, you can create a pull request and be a contributor of the project.
| Serial No. | Attack Vectors |
|---|---|
| 1 | Access Control Checks on Critical Function |
| 2 | Account Existence Check for low level calls |
| 3 | Arithmetic Over/Under Flows |
| 4 | Assert Violation |
| 5 | Authorization through tx.origin |
| 6 | Bad Source of Randomness |
| 7 | Block Timestamp manipulation |
| 8 | Bypass Contract Size Check |
| 9 | Code With No Effects |
| 10 | Delegatecall |
| 11 | Delegatecall to Untrusted Callee |
| 12 | DoS with (Unexpected) revert |
| 13 | DoS with Block Gas Limit |
| 14 | Logical Issues |
| 15 | Entropy Illusion |
| 16 | Function Selector Abuse |
| 17 | Floating Point and Numerical Precision |
| 18 | Floating Pragma |
| 19 | Forcibly Sending Ether to a Contract |
| 20 | Function Default Visibility |
| 21 | Hash Collisions With Multiple Variable Length Arguments |
| 22 | Improper Array Deletion |
| 23 | Incorrect interface |
| 24 | Insufficient gas griefing |
| 25 | Unsafe Ownership Transfer |
| 26 | Loop through long arrays |
| 27 | Message call with hardcoded gas amount |
| 28 | Outdated Compiler Version |
| 29 | Precision Loss in Calculations |
| 30 | Price Manipulation |
| 31 | Hiding Malicious Code with External Contract |
| 32 | Public burn() function |
| 33 | Race Conditions / Front Running |
| 34 | Re-entrancy |
| 35 | Requirement Violation |
| 36 | Right-To-Left-Override control character (U+202E) |
| 37 | Shadowing State Variables |
| 38 | Short Address/Parameter Attack |
| 39 | Signature Malleability |
| 40 | Signature Replay Attacks |
| 41 | State Variable Default Visibility |
| 42 | Transaction Order Dependence |
| 43 | Typographical Error |
| 44 | Unchecked Call Return Value |
| 45 | Unencrypted Private Data On-Chain |
| 46 | Unexpected Ether balance |
| 47 | Uninitialized Storage Pointer |
| 48 | Unprotected Ether Withdrawal |
| 49 | Unprotected SELFDESTRUCT Instruction |
| 50 | Unprotected Upgrades |
| 51 | Unused Variable |
| 52 | Use of Deprecated Solidity Functions |
| 53 | Write to Arbitrary Storage Location |
| 54 | Wrong inheritance |
Quillhash