Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-05-13 12:12:19 -04:00
Code Issues Projects Releases Packages Wiki Activity
blockchains-security-toolkit/advanced_expert/vulnerabilities
History
steinkirch.eth, phd b208ff451a
Update README.md
2023-06-19 09:10:17 -07:00
..
delegatecall Update proxies.md 2023-04-25 08:41:05 -07:00
nonce 💾 2023-03-15 11:08:04 -07:00
reentrancy_attacks Update README.md 2023-06-19 09:10:17 -07:00
ddos.md 💾 2023-03-15 11:08:04 -07:00
overflow.md Create overflow.md 2023-06-19 08:24:32 -07:00
random_numbers.md 💾 2023-03-15 11:08:04 -07:00
README.md Update README.md 2023-06-19 08:24:56 -07:00

README.md

smart contract vulnerabilities

tl; dr

  • tx.origin needs to bere placed by msg.sender, otherwise any contract you call can act on your behalf.
  • inline assembly should be used only in rare cases.
  • unclear semantics: now is alias for block.timestamp not current time; use of low level call, callcode, delegatecall should be avoided whenever possible; use transfer whenever failure of ether transfer should rollnack the whole transaction.
  • beware of caller contracts: selfdestruct can block calling contracts unexpectedly.
  • invocation of local functions via this: never use this to call functions in the same contract, it only consumes more gas than normal call.
  • transferring Ether in a for/while/do-while loop should be avoid due to the block gas limit.
  • erc20 decimals should have uint8 as return type.

in this dir


resources