Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-05-12 11:42:15 -04:00
Code Issues Projects Releases Packages Wiki Activity
blockchains-security-toolkit/advanced_expert/vulnerabilities
History
autistic-symposium-helper 435908a0ba
old goodie: exploring cryptokitties midwives (giveBirth() as an example of flawed economic incentive and randomization)
2024-11-04 19:16:50 +07:00
..
arithmetic_errors organize chapters for the ongoing research, remove dead links, add new resources 2024-11-04 18:42:30 +07:00
ddos organize chapters for the ongoing research, remove dead links, add new resources 2024-11-04 18:42:30 +07:00
delegatecall organize chapters for the ongoing research, remove dead links, add new resources 2024-11-04 18:42:30 +07:00
nonce organize chapters for the ongoing research, remove dead links, add new resources 2024-11-04 18:42:30 +07:00
randomness old goodie: exploring cryptokitties midwives (giveBirth() as an example of flawed economic incentive and randomization) 2024-11-04 19:16:50 +07:00
reentrancy_attacks organize chapters for the ongoing research, remove dead links, add new resources 2024-11-04 18:42:30 +07:00
replay_attacks organize chapters for the ongoing research, remove dead links, add new resources 2024-11-04 18:42:30 +07:00
self_destruct Create self_destruct.sol 2023-06-19 09:20:32 -07:00
README.md organize chapters for the ongoing research, remove dead links, add new resources 2024-11-04 18:42:30 +07:00

README.md

smart contract vulnerabilities


initial thoughts


  • tx.origin needs to bere placed by msg.sender, otherwise any contract you call can act on your behalf.
  • inline assembly should be used only in rare cases.
  • unclear semantics: now is alias for block.timestamp not current time; use of low level call, callcode, delegatecall should be avoided whenever possible; use transfer whenever failure of ether transfer should rollnack the whole transaction.
  • beware of caller contracts: selfdestruct can block calling contracts unexpectedly.
  • invocation of local functions via this: never use this to call functions in the same contract, it only consumes more gas than normal call.
  • transferring Ether in a for/while/do-while loop should be avoid due to the block gas limit.
  • erc20 decimals should have uint8 as return type.

chapters



cool resources