Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-05-12 11:42:15 -04:00
Code Issues Projects Releases Packages Wiki Activity
blockchains-security-toolkit/vulnerabilities
History
dr. mia von steinkirch, phd b553e438fb
Update README.md
2023-02-10 10:03:14 -08:00
..
delegatecall clean up (#3) 2022-12-24 19:54:41 -08:00
nonce Create README.md 2023-02-10 09:59:52 -08:00
reentrancy_attacks add list of reentrancy attacks by pcaversaccio 2022-12-23 17:47:10 -08:00
ddos.md clean up (#3) 2022-12-24 19:54:41 -08:00
random_numbers.md clean up (#3) 2022-12-24 19:54:41 -08:00
README.md Update README.md 2023-02-10 10:03:14 -08:00

README.md

smart contract vulnerabilities

tl; dr

  • tx.origin needs to bere placed by msg.sender, otherwise any contract you call can act on your behalf.
  • inline assembly should be used only in rare cases.
  • unclear semantics: now is alias for block.timestamp not current time; use of low level call, callcode, delegatecall should be avoided whenever possible; use transfer whenever failure of ether transfer should rollnack the whole transaction.
  • beware of caller contracts: selfdestruct can block calling contracts unexpectedly.
  • invocation of local functions via this: never use this to call functions in the same contract, it only consumes more gas than normal call.
  • transferring Ether in a for/while/do-while loop should be avoid due to the block gas limit.
  • erc20 decimals should have uint8 as return type.

in this dir


resources