Solidity-Attack-Vectors

This repository contains a list of common Solidity smart contract attack vectors. If you find any attack vectors missing, you can create a pull request and become a contributor to the project.

Solidity Smart Contract Attack Vectors:

This repository contains a list of Solidity attack vectors. It includes most Solidity vulnerabilities, collected from sources such as the SWC Registry, DeFi-Threat, the DASP Top 10 and other content across the Internet. You can click on each attack vector to find details about it. This repository will be actively maintained and updated by QuillAudits.

PDF Version: Solidity_Vectors_QuillAudits.pdf


Serial No. Attack Vectors
1 Access Control Checks on Critical Function
2 Account Existence Check for low level calls
3 Arithmetic Over/Under Flows
4 Assert Violation
5 Authorization through tx.origin
6 Bad Source of Randomness
7 Block Timestamp manipulation
8 Bypass Contract Size Check
9 Code With No Effects
10 Delegatecall
11 Delegatecall to Untrusted Callee
12 DoS with (Unexpected) revert
13 DoS with Block Gas Limit
14 Logical Issues
15 Entropy Illusion
16 Function Selector Abuse
17 Floating Point and Numerical Precision
18 Floating Pragma
19 Forcibly Sending Ether to a Contract
20 Function Default Visibility
21 Hash Collisions With Multiple Variable Length Arguments
22 Improper Array Deletion
23 Incorrect interface
24 Insufficient gas griefing
25 Unsafe Ownership Transfer
26 Loop through long arrays
27 Message call with hardcoded gas amount
28 Outdated Compiler Version
29 Precision Loss in Calculations
30 Price Manipulation
31 Hiding Malicious Code with External Contract
32 Public burn() function
33 Race Conditions / Front Running
34 Re-entrancy
35 Requirement Violation
36 Right-To-Left-Override control character (U+202E)
37 Shadowing State Variables
38 Short Address/Parameter Attack
39 Signature Malleability
40 Signature Replay Attacks
41 State Variable Default Visibility
42 Transaction Order Dependence
43 Typographical Error
44 Unchecked Call Return Value
45 Unencrypted Private Data On-Chain
46 Unexpected Ether balance
47 Uninitialized Storage Pointer
48 Unprotected Ether Withdrawal
49 Unprotected SELFDESTRUCT Instruction
50 Unprotected Upgrades
51 Unused Variable
52 Use of Deprecated Solidity Functions
53 Write to Arbitrary Storage Location
54 Wrong inheritance

References:

SWC Registry

DeFi-Threat

Runtimeverification - List-of-Security-Vulnerabilities

DASP-Top 10