Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-05-13 12:12:19 -04:00
Code Issues Projects Releases Packages Wiki Activity
blockchains-security-toolkit/advanced_expert/vulnerabilities
History
osiris account 54be66521a 💾
2023-03-15 11:08:04 -07:00
..
delegatecall 💾 2023-03-15 11:08:04 -07:00
nonce 💾 2023-03-15 11:08:04 -07:00
reentrancy_attacks 💾 2023-03-15 11:08:04 -07:00
ddos.md 💾 2023-03-15 11:08:04 -07:00
random_numbers.md 💾 2023-03-15 11:08:04 -07:00
README.md 💾 2023-03-15 11:08:04 -07:00

README.md

smart contract vulnerabilities

tl; dr

  • tx.origin needs to bere placed by msg.sender, otherwise any contract you call can act on your behalf.
  • inline assembly should be used only in rare cases.
  • unclear semantics: now is alias for block.timestamp not current time; use of low level call, callcode, delegatecall should be avoided whenever possible; use transfer whenever failure of ether transfer should rollnack the whole transaction.
  • beware of caller contracts: selfdestruct can block calling contracts unexpectedly.
  • invocation of local functions via this: never use this to call functions in the same contract, it only consumes more gas than normal call.
  • transferring Ether in a for/while/do-while loop should be avoid due to the block gas limit.
  • erc20 decimals should have uint8 as return type.

in this dir


resources