- Insufficient Gas Griefing
- Reentrancy
- Integer Overflow and Underflow
- Timestamp Dependence
- Authorization Through tx.origin
- Floating Pragma
- Outdated Compiler Version
- Unsafe Low-Level Call
- Uninitialized Storage Pointer
- Assert Violation
- Use of Deprecated Functions
- Delegatecall to Untrusted Callee
- Signature Malleability
- Incorrect Constructor Name
- Shadowing State Variables
- Weak Sources of Randomness from Chain Attributes
- Missing Protection against Signature Replay Attacks
- Requirement Validation
- Write to Arbitrary Storage Location
- Incorrect Inheritance Order
- Presence of Unused Variables
- Unencrypted Private Data On-Chain
- Inadherence to Standards
- Asserting Contract from Code Size
- Transaction-Ordering Dependence
- DoS with Block Gas Limit
- DoS with (Unexpected) revert
- Unexpected ecrecover null address
- Default Visibility
- Insufficient Access Control
- Off-By-One
- Lack of Precision
A chronological list of smart contract attacks to date.
https://github.com/kadenzipfel/smart-contract-vulnerabilities
https://github.com/tamjid0x01/awesome-smartcontract-hacking
https://quillaudits.medium.com/
https://github.com/blocksecteam/blocksec_academy
https://medium.com/immunefi/enzyme-finance-missing-privilege-check-bugfix-review-ddb5e87b8058
https://inspexco.medium.com/cross-contract-reentrancy-attack-402d27a02a15