Kayusme/smart-contract-vulnerabilities

A collection of smart contract vulnerabilities along with prevention methods.

Smart Contract Vulnerabilities

• Insufficient Gas Griefing
• Reentrancy
• Integer Overflow and Underflow
• Timestamp Dependence
• Authorization Through tx.origin
• Floating Pragma
• Outdated Compiler Version
• Unsafe Low-Level Call
• Uninitialized Storage Pointer
• Assert Violation
• Use of Deprecated Functions
• Delegatecall to Untrusted Callee
• Signature Malleability
• Incorrect Constructor Name
• Shadowing State Variables
• Weak Sources of Randomness from Chain Attributes
• Missing Protection against Signature Replay Attacks
• Requirement Validation
• Write to Arbitrary Storage Location
• Incorrect Inheritance Order
• Presence of Unused Variables
• Unencrypted Private Data On-Chain
• Inadherence to Standards
• Asserting Contract from Code Size
• Transaction-Ordering Dependence
• DoS with Block Gas Limit
• DoS with (Unexpected) revert
• Unexpected ecrecover null address
• Default Visibility
• Insufficient Access Control
• Off-By-One
• Lack of Precision

Further Reading

• https://github.com/ethereum/wiki/wiki/Safety
• https://swcregistry.io/
• https://eprint.iacr.org/2016/1007.pdf
• https://www.dasp.co/
• https://consensys.github.io/smart-contract-best-practices/
• https://github.com/sigp/solidity-security-blog
• https://solidity.readthedocs.io/en/latest/bugs.html

Contributions

Submit a PR!