blockchains-security-toolkit

History

bt3gl 184e917000 organize chapters for the ongoing research, remove dead links, add new resources		2024-11-04 18:42:30 +07:00
..
arithmetic_errors	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
ddos	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
delegatecall	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
nonce	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
randomness	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
reentrancy_attacks	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
replay_attacks	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00
self_destruct	Create self_destruct.sol	2023-06-19 09:20:32 -07:00
README.md	organize chapters for the ongoing research, remove dead links, add new resources	2024-11-04 18:42:30 +07:00

smart contract vulnerabilities

tx.origin needs to bere placed by msg.sender, otherwise any contract you call can act on your behalf.
inline assembly should be used only in rare cases.
unclear semantics: now is alias for block.timestamp not current time; use of low level call, callcode, delegatecall should be avoided whenever possible; use transfer whenever failure of ether transfer should rollnack the whole transaction.
beware of caller contracts: selfdestruct can block calling contracts unexpectedly.
invocation of local functions via this: never use this to call functions in the same contract, it only consumes more gas than normal call.
transferring Ether in a for/while/do-while loop should be avoid due to the block gas limit.
erc20 decimals should have uint8 as return type.