/vulnerability_POCs

Based on the POCs from DeFiVulnLabs Solidity Security Testing Guide

Primary language: Solidity

POCs from DeFiVulnLabs by SunWeb3Sec

Test exploits

forge test -C exploit/ContractName.exp.sol -vv

  • Integer Overflow 1
  • Integer Overflow 2
  • Selfdestruct 1
  • Selfdestruct 2
  • Unsafe Delegatecall
  • Reentrancy
  • Read Only Reentrancy
  • ERC777-reentrancy
  • Unchecked external call - call injection
  • Private Data
  • UnprotectedCallback
  • Backdoor-assembly
  • Bypass iscontract
  • DOS
  • Randomness
  • Visibility
  • txorigin - phishing
  • Uninitialized state variables
  • Storage collision 1
  • Storage collision 2 (Audius)
  • Approval Scam
  • Signature replay 1
  • Signature replay 2 (NBA)
  • Data location - storage vs memory
  • DirtyBytes
  • Invariants
  • NFT Mint via Exposed Metadata
  • Divide before multiply
  • Unchecked return value
  • No Revert on Failure
  • Phantom function - Permit Function
  • First deposit bug
  • Empty loop
  • Unsafe downcasting
  • Price manipulation
  • ecRecover returns address(0)
  • Oracle stale price
  • Precision Loss - Rounded down to zero
  • Slippage - Incorrect deadline & slippage amount
  • Struct Deletion Oversight
  • Array Deletion Oversight
  • Return vs break
  • Incorrect use of payable.transfer() or send()
  • Unauthorized NFT Transfer in custom ERC721 implementation
  • Missing Check for Self-Transfer Allows Funds to be Lost
  • Incorrect implementation of the recoverERC20() function in the StakingRewards
  • Missing flash loan initiator check
  • Incorrect sanity checks - Multiple Unlocks Before Lock Time Elapse