The goal of this repository is to compile all possible smart contract vulnerabilities and resources for learning about them.
Feel free to submit a pull request, with anything from small fixes to docs or tools you'd like to add.
- Access Control
- Account Existence Check for low level calls
- Arbitrary Jumps with Function Variables
- Assert Violation
- Bypass Contract Size Check
- Code With No Effects
- Complex Modifiers
- DOS
- Dirty Higher Order Bits
- Entropy Illusion / Insecure Randomness
- Experimental Language Features
- External Contract Referencing
- Flash Loan Attacks
- Floating Point Arithmetic
- Frontend (Off Chain) Attacks
- Force Feeding
- Function Selector Abuse
- Griefing
- Hiding Malicious Code
- Historic Attacks
- Improper Array Deletion
- Incorrect Interface
- Insufficient Gas Attacks
- Integer Arithmetic
- Loop through long arrays
- Message call with hardcoded gas amount
- Miner Attacks
- Offline Owner
- Oracle Manipulation
- Outdated Compiler
- Payable Multicall
- Precision Loss in Calculations
- Privacy Illusion
- Proxy Storage Collision
- Reentrancy
- Right-To-Left-Override control character (U+202E)
- Sandwich Attacks
- Signature Replay
- Unchecked External Calls
- Uninitialized Storage Pointers
- Unprotected Upgrades
- Unsafe Delegatecalls
- Unused Variable
- Use of Deprecated Solidity Functions
- Variable Shadowing
- Writes to Arbitrary Storage Locations
- Wrong inheritance