blockchains-security-toolkit

History

autistic-symposium-helper 90565949a5 this is awesome - randao target slot attack analysis, by jtapolcai (2025)		2025-02-17 20:54:20 +02:00
..
arithmetic_errors	fix typos (#8 )	2024-12-08 12:23:42 -08:00
ddos	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
delegatecall	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
nonce	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
randomness	this is awesome - randao target slot attack analysis, by jtapolcai (2025)	2025-02-17 20:54:20 +02:00
reentrancy_attacks	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
replay_attacks	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
self_destruct	Create self_destruct.sol	2023-06-19 09:20:32 -07:00
README.md	fix typos (#8 )	2024-12-08 12:23:42 -08:00

smart contract vulnerabilities

tx.origin needs to be replaced by msg.sender, otherwise any contract you call can act on your behalf.
inline assembly should be used only in rare cases.
unclear semantics: now is alias for block.timestamp not current time; use of low level call, callcode, delegatecall should be avoided whenever possible; use transfer whenever failure of ether transfer should rollback the whole transaction.
beware of caller contracts: selfdestruct can block calling contracts unexpectedly.
invocation of local functions via this: never use this to call functions in the same contract, it only consumes more gas than normal call.
transferring Ether in a for/while/do-while loop should be avoided due to the block gas limit.
erc20 decimals should have uint8 as return type.