Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-05-13 12:12:19 -04:00
Code Issues Projects Releases Packages Wiki Activity
blockchains-security-toolkit/advanced_expert/vulnerabilities
History
steinkirch.eth, phd 283fc69c42
add self_destruct
2023-06-19 09:21:55 -07:00
..
arithmetic_errors add info on safemath 2023-06-19 09:19:01 -07:00
delegatecall Create delegatecall.sol 2023-06-19 09:21:11 -07:00
nonce 💾 2023-03-15 11:08:04 -07:00
reentrancy_attacks Update README.md 2023-06-19 09:10:17 -07:00
self_destruct Create self_destruct.sol 2023-06-19 09:20:32 -07:00
ddos.md 💾 2023-03-15 11:08:04 -07:00
random_numbers.md 💾 2023-03-15 11:08:04 -07:00
README.md add self_destruct 2023-06-19 09:21:55 -07:00

README.md

smart contract vulnerabilities


tl; dr

  • tx.origin needs to bere placed by msg.sender, otherwise any contract you call can act on your behalf.
  • inline assembly should be used only in rare cases.
  • unclear semantics: now is alias for block.timestamp not current time; use of low level call, callcode, delegatecall should be avoided whenever possible; use transfer whenever failure of ether transfer should rollnack the whole transaction.
  • beware of caller contracts: selfdestruct can block calling contracts unexpectedly.
  • invocation of local functions via this: never use this to call functions in the same contract, it only consumes more gas than normal call.
  • transferring Ether in a for/while/do-while loop should be avoid due to the block gas limit.
  • erc20 decimals should have uint8 as return type.

in this dir



resources