Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-08-15 01:25:41 -04:00
Code Issues Projects Releases Packages Wiki Activity

organize chapters for the ongoing research, remove dead links, add new resources

Browse source
This commit is contained in:
bt3gl 2024-11-04 18:42:30 +07:00
parent 1748d1ed22
commit 184e917000
98 changed files with 421 additions and 11268 deletions
Download patch file Download diff file Expand all files Collapse all files

10
advanced_expert/vulnerabilities/README.md
View file

@ -3,8 +3,9 @@
<br>
### tl; dr
### initial thoughts
<br>
* `tx.origin` needs to bere placed by `msg.sender`, otherwise any contract you call can act on your behalf.
* inline assembly should be used only in rare cases.
@ -18,7 +19,7 @@
---
### in this dir
### chapters
<br>
@ -29,14 +30,13 @@
* **[self_destruct](self_destruct)**
* **[ddos attacks](ddos)**
* **[nonce reuse](nonce)**
* **[replay attacks](replay_attacks)**
<br>
----
### resources
### cool resources
<br>

11
advanced_expert/vulnerabilities/arithmetic_errors/README.md
View file

@ -6,3 +6,14 @@
* solidity < 0.8: integers in overflow / underflow without any errors.
* solidity >= 0.8: default behaviour of for overflow / underflow is to throw an error.
* use **[SafeMath](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/math/SafeMath.sol)** to prevent arithmetic overflow and underflow.
<br>
---
### chapters
<br>
* **[overflow](overflow)**

9
advanced_expert/vulnerabilities/arithmetic_errors/overflow.md → advanced_expert/vulnerabilities/arithmetic_errors/overflow/README.md
View file

@ -2,12 +2,7 @@
<br>
<br>
----
### unchecked math
### tl; dr: unchecked math
<br>
@ -50,5 +45,3 @@ contract UncheckedMath {
}
```
<br>

0
advanced_expert/vulnerabilities/arithmetic_errors/overflow.sol → advanced_expert/vulnerabilities/arithmetic_errors/overflow/example.sol
View file

21
advanced_expert/vulnerabilities/ddos/README.md
View file

@ -1,4 +1,4 @@
## DDoS attacks on the context of blockchains
## ddos attacks on the context of blockchains
<br>
@ -6,25 +6,26 @@
<br>
* [DDoS with failed call](https://swcregistry.io/docs/SWC-113)
* **[DDoS with failed call](https://swcregistry.io/docs/SWC-113)**
<br>
---
### block gas limit
<br>
* [block gas limit by SWC registry](https://swcregistry.io/docs/SWC-128)
* [gas limit and loops on solidity docs](https://docs.soliditylang.org/en/latest/security-considerations.html#gas-limit-and-loops)
* **[block gas limit by SWC registry](https://swcregistry.io/docs/SWC-128)**
* **[gas limit and loops on solidity docs](https://docs.soliditylang.org/en/latest/security-considerations.html#gas-limit-and-loops)**
<br>
### references
---
### cool resources
<br>
* [sigma prime post](https://blog.sigmaprime.io/solidity-security.html#dos)
* [not so smart contract](https://github.com/crytic/not-so-smart-contracts/tree/master/denial_of_service)
* **[sigma prime post](https://blog.sigmaprime.io/solidity-security.html#dos)**
* **[not so smart contract](https://github.com/crytic/not-so-smart-contracts/tree/master/denial_of_service)**

32
advanced_expert/vulnerabilities/delegatecall/README.md
View file

@ -2,32 +2,36 @@
<br>
#### 🖤 This is my favorite vuln
### tl; dr
<br>
---
### TL;DR
1. Call to untrusted contracts may introduce unexpected risks and errors.
2. External calls controlled by an attacker may force a contract to transition into an undefined state.
3. Types of external calls: `STATIC CALL` and `DELEGATE CALL`.
4. Using DELEGATE CALL, contract can preserve the storage state while using the logic of the contract. This introduces the concept of Proxies.
3. Types of external calls: `STATICCALL` and `DELEGATECALL`.
4. Using `DELEGATECALL`, contract can preserve the storage state while using the logic of the contract. This introduces the concept of Proxies.
5. The proxy contract redirects all the calls it receives to an "logic contract", whose address is stored in its "proxy contract". The proxy runs the "logic contract"'s code as its own (modifying its storage and the balance of the "proxy contract").
<img width="956" alt="Screen Shot 2022-09-17 at 5 30 04 PM" src="https://user-images.githubusercontent.com/1130416/190880608-1b511a87-d91e-4ae4-8714-08cd7e8eec89.png">
<br>
<p align="center">
<img width="500" src="https://user-images.githubusercontent.com/1130416/190880608-1b511a87-d91e-4ae4-8714-08cd7e8eec89.png">
</p>
<br>
* bt3gl's diagram:
<p align="center">
<img src="https://github.com/go-outside-labs/blockchain-auditing/assets/138340846/405335ca-a1c7-4d3c-83fb-4b96ee13a384" width="55%" align="center" style="padding:1px;border:1px solid black;"/>
</p>
<br>
---
### Learning resources
### cool resources
<br>
* [SWC docs on DELEGATECALL](https://swcregistry.io/docs/SWC-112)
* [Sigma Prime post on DELEGATECALL](https://blog.sigmaprime.io/solidity-security.html#delegatecall)
* **[SWC docs on DELEGATECALL](https://swcregistry.io/docs/SWC-112)**
* **[sigma prime post on DELEGATECALL](https://blog.sigmaprime.io/solidity-security.html#delegatecall)**
* **[understanding DELEGATECALL, by d. arends](https://www.derekarends.com/solidity-vulnerability-understanding-delegatecall/)**

13
advanced_expert/vulnerabilities/delegatecall/proxies.md
View file

@ -71,9 +71,10 @@
<br>
* [proxy patterns](https://mirror.xyz/0xB38709B8198d147cc9Ff9C133838a044d78B064B/M7oTptQkBGXxox-tk9VJjL66E1V8BUF0GF79MMK4YG0)
* [how diamond upgrades work](https://dev.to/mudgen/how-diamond-upgrades-work-417j)
* [the state of smart contract updates](https://blog.openzeppelin.com/the-state-of-smart-contract-upgrades/)
* [multiple ways to update a contract](https://cryptomarketpool.com/multiple-ways-to-upgrade-a-solidity-smart-contract/)
* [web3 Tutorial: write upgradeable smart contract (proxy) using OpenZeppelin](https://dev.to/yakult/tutorial-write-upgradeable-smart-contract-proxy-contract-with-openzeppelin-1916)
* [safe smart account & diamond proxies, by safe](https://safe.mirror.xyz/P83_rVQuUQJAM-SnMpWvsHlN8oLnCeSncD1txyMDqpE)
* **[proxy patterns](https://mirror.xyz/0xB38709B8198d147cc9Ff9C133838a044d78B064B/M7oTptQkBGXxox-tk9VJjL66E1V8BUF0GF79MMK4YG0)**
* **[how diamond upgrades work](https://dev.to/mudgen/how-diamond-upgrades-work-417j)**
* **[the state of smart contract updates](https://blog.openzeppelin.com/the-state-of-smart-contract-upgrades/)**
* **[multiple ways to update a contract](https://cryptomarketpool.com/multiple-ways-to-upgrade-a-solidity-smart-contract/)**
* **[web3 Tutorial: write upgradeable smart contract (proxy) using OpenZeppelin](https://dev.to/yakult/tutorial-write-upgradeable-smart-contract-proxy-contract-with-openzeppelin-1916)**
* **[safe smart account & diamond proxies, by safe](https://safe.mirror.xyz/P83_rVQuUQJAM-SnMpWvsHlN8oLnCeSncD1txyMDqpE)**
* **[the proxy pattern, by noxx](https://noxx.substack.com/p/smart-contract-patterns-the-proxy)**

2
advanced_expert/vulnerabilities/nonce/README.md
View file

@ -2,4 +2,4 @@
<br>
* [nonce reuse thread, by bertcmiller](https://twitter.com/bertcmiller/status/1475844939816833032)
* **[nonce reuse thread, by bertcmiller](https://twitter.com/bertcmiller/status/1475844939816833032)**

19
advanced_expert/vulnerabilities/randomness/README.md
View file

@ -2,24 +2,23 @@
<br>
### post-merge notes
### tl; dr
<br>
#### post-merge notes
<br>
* `BLOCKHASH` opcode will still be available, but given that it will no longer be forged through the proof of work hashing process, the pseudorandomness provided by this opcode will be much weaker.
* `DIFFICULTY` is renamed to `PREVRANDAO`, and return the output of the randomness beacon provided by the beacon chain. It's stronger than `BLOCKHASH` but still biasable.
<br>
----
### resources
### cool resources
* [ethereum randomness ](https://eth2book.info/altair/part2/building_blocks/randomness)
* [randao github](https://github.com/randao/randao)
* [exploring the randao game in pos ethereum](https://ethereum.github.io/beaconrunner/notebooks/randao/randao.html)
* **[ethereum randomness ](https://eth2book.info/altair/part2/building_blocks/randomness)**
* **[randao github](https://github.com/randao/randao)**
* **[exploring the randao game in pos ethereum](https://ethereum.github.io/beaconrunner/notebooks/randao/randao.html)**

44
advanced_expert/vulnerabilities/reentrancy_attacks/README.md
View file

@ -1,14 +1,18 @@
## reentrancy attacks
<br>
### tl; dr
* when a contract calls an external function, that external function may itself call the calling function.
* a reentrancy attack may occur when:
* a function makes an external call to a untrusted contract
* the unstrusted contract makes a recursive callback to a vulnerable contract function to steal funds
- a function makes an external call to a untrusted contract
- the unstrusted contract makes a recursive callback to a vulnerable contract function to steal funds
* to prevent this attack, a contract can implement a lock in storage that prevents re-entrant calls.
* bt3gl's diagram:
<p align="center">
<img src="https://github.com/go-outside-labs/blockchain-auditing/assets/138340846/8f6f4c12-2990-420d-95d6-f3d5379bc72c" width="55%" align="center" style="padding:1px;border:1px solid black;"/>
</p>
<br>
@ -39,9 +43,13 @@ function() public payable {
}
```
How to fix?
<br>
#### Option 1: Adding a mutex locking:
how to fix?
<br>
#### option 1: Adding a mutex locking:
```
modifier noReentrant() {
@ -62,7 +70,15 @@ function withdrawBalance() public noReentrant {
<br>
#### Option 2: CEI (checks effects interaction) pattern
#### option 2: CEI (checks effects interaction) pattern
<br>
<p align="center">
<img src="https://github.com/go-outside-labs/blockchain-auditing/assets/138340846/8a57158e-82d8-4be2-bdf1-22faaaab97f7" width="55%" align="center" style="padding:1px;border:1px solid black;"/>
</p>
<br>
```
function withdrawBalance() public {
@ -73,18 +89,18 @@ function withdrawBalance() public {
}
```
<br>
----
### cool resources
### resources
<br>
* [reentrancy on solidity docs](https://docs.soliditylang.org/en/latest/security-considerations.html#re-entrancy)
* [reentrancy on DASP](https://www.dasp.co/#item-1)
* [reentrancy on SWC](https://swcregistry.io/docs/SWC-107)
* [reentrancy patterns](https://github.com/uni-due-syssec/eth-reentrancy-attack-patterns)
* [list of reentrancy attacks by pcaversaccio](https://github.com/pcaversaccio/reentrancy-attacks)
* [reentrancy on not so smart contract](https://github.com/crytic/not-so-smart-contracts/tree/master/reentrancy)
* **[reentrancy on solidity docs](https://docs.soliditylang.org/en/latest/security-considerations.html#re-entrancy)**
* **[reentrancy on DASP](https://www.dasp.co/#item-1)**
* **[reentrancy on SWC](https://swcregistry.io/docs/SWC-107)**
* **[reentrancy patterns](https://github.com/uni-due-syssec/eth-reentrancy-attack-patterns)**
* **[list of reentrancy attacks by pcaversaccio](https://github.com/pcaversaccio/reentrancy-attacks)**
* **[reentrancy on not so smart contract](https://github.com/crytic/not-so-smart-contracts/tree/master/reentrancy)**

6
advanced_expert/vulnerabilities/replay_attacks/README.md Normal file
View file

@ -0,0 +1,6 @@
## replay attacks
<br>
* **[preventing replay attacks after the BCH hard fork, by circle](https://www.circle.com/blog/preventing-replay-attacks-after-the-bch-hard-fork)**
* **[the chainID of ETHW is one of the primary causes behind its nosedive, by harbor](https://medium.com/coinmonks/one-of-the-main-reasons-for-the-ethw-nosedive-is-its-chain-id-9519623b5dc)**