mirror of
https://github.com/autistic-symposium/blockchains-security-toolkit.git
synced 2025-08-02 11:26:22 -04:00
## bug hunting smart contracts

<br>

### initial questions

<br>

* list `external` and `public` functions.
* when and where external calls happen and what changes.
* check `payable` functions.
* how functions are accessed (who has permission).
* follow the flow for transfers.

<br>

### look for common vulnerabilities

<br>

* reentrancy with flashloans, fallbacks, payables.
* access control.
* arithmetic errors.

<br>

### create an environment for testing

<br>

* static analysis
* fuzzing and poc exploits (use foundry)

<br>

---

### resources