Contract Cops
Common Attack Vectors

This section describes some of the attack vectors most commonly seen in smart contracts. Some of them are taken directly from real-world hacks.


Last updated 2 years ago

Checking access control
Access control issues on critical functions
Account Existence Check for low level calls
Account Existence Check
Common attacks with contract/EOA addresses
Arithmetic under/overflow
Assert Attack
Assert require revert
Assert Violation
Bad Interface DOS
Bad pragma and compiler
Block Timestamp Manipulation
Bypassing contract check
Code With No Effects
Code size check vulnerability
Constructors with Care
Default Visibilities
Delegatecall
Delegatecall
Denial of Service (DoS)
DoS with block gas limit
Entropy Illusion
External contract referencing
Flash Loan Attack
Floating Point and Precision
Function selector abuse
Function selector abuse
Smart contract gas griefing
Hash collision parameters
Hash Collisions With Multiple Variable Length Arguments
Imprecise arithmetic
Improper Array Deletion
Incorrect array deletion
Incorrect interface
Insufficient Gas Griefing
Loop through long arrays
Message call with hardcoded gas amount
Not enough gas for ether transfer
Precision Loss in Calculations
Oracle Manipulation
Public Burn Function
Read-only reentrancy
Race Conditions/Front Running
Reentrancy Attacks
Reentrancy
Requirement Violation
Right-To-Left-Override control character (U+202E)
Shadowing State Variables
Short Address / Parameter attack
Signature Malleability
Signature Replay
Transaction Order Dependence
Tx.Origin Authentication
Unchecked CALL Return Values
Unexpected ether
Uninitialized Storage Pointers
Unsafe Ownership Transfer