Common Attack Vectors
This section describes some of the most common attack vectors seen in smart contracts. Several of them are taken directly from real-world hacks.
- Checking access control
- Access control issues on critical functions
- Account Existence Check for low level calls
- Account Existence Check
- Common attacks with contract/EOA addresses
- Arithmetic under/overflow
- Assert Attack
- Assert require revert
- Assert Violation
- Bad Interface DOS
- Bad pragma and compiler
- Block Timestamp Manipulation
- Bypassing contract check
- Code With No Effects
- Code size check vulnerability
- Constructors with Care
- Default Visibilities
- Delegatecall
- Denial of Service (DoS)
- DoS with block gas limit
- Entropy Illusion
- External contract referencing
- Flash Loan Attack
- Floating Point and Precision
- Function selector abuse
- Smart contract gas griefing
- Hash collision parameters
- Hash Collisions With Multiple Variable Length Arguments
- Imprecise arithmetic
- Improper Array Deletion
- Incorrect array deletion
- Incorrect interface
- Insufficient Gas Griefing
- Loop through long arrays
- Message call with hardcoded gas amount
- Not enough gas for ether transfer
- Precision Loss in Calculations
- Oracle Manipulation
- Public Burn Function
- Read-only reentrancy
- Race Conditions/Front Running
- Reentrancy Attacks
- Reentrancy
- Requirement Violation
- Right-To-Left-Override control character (U+202E)
- Shadowing State Variables
- Short Address / Parameter attack
- Signature Malleability
- Signature Replay
- Transaction Order Dependence
- Tx.Origin Authentication
- Unchecked CALL Return Values
- Unexpected ether
- Uninitialized Storage Pointers
- Unsafe Ownership Transfer