Author: Harendra Shakya (LinkTree)
- Access Control
- Authentication With tx.origin
- Default Visibility
- Signature Verification
- Unprotected Ether Withdrawal
- Unprotected SELFDESTRUCT Instruction
- Missed Modifier
- Incorrect Modifier Names
- Overpowered Roles
- Account Existence Check for low level calls
- Arbitrary Jumps with Function Variables
- Assert Violation
- Bypass Contract Size Check
- Code With No Effects
- Complex Modifiers
- DoS
- Unexpected Revert
- Block Gas Limit
- External Calls without Gas Stipends
- Dirty Higher Order Bits
- Entropy Illusion / Insecure Randomness
- Experimental Language Features
- External Contract Referencing
- Flash Loan Attacks
- Floating Point Arithmetic
- Frontend (Off Chain) Attacks
- Short Address Attack
- Force Feeding
- Function Selector Abuse
- Griefing
- Hiding Malicious Code
- Historic Attacks
- Constructor Names
- Call Depth Attack
- Constantinople Reentrancy
- Solidity ABI Encoder v2 Bug
- Improper Array Deletion
- Incorrect Interface
- Insufficient Gas Attacks
- Integer Arithmetic
- Loop through long arrays
- Message call with hardcoded gas amount
- Miner Attacks
- Transaction Ordering / Frontrunning
- Timestamp Manipulation
- Offline Owner
- Oracle Manipulation
- Outdated Compiler
- Payable Multicall
- Precision Loss in Calculations
- Privacy Illusion
- Proxy Storage Collision
- Reentrancy
- Right-To-Left-Override control character (U+202E)
- Sandwich Attacks
- Signature Replay
- Unchecked External Calls
- Uninitialized Storage Pointers
- Unprotected Upgrades
- Unsafe Delegatecalls
- Unused Variable
- Use of Deprecated Solidity Functions
- Variable Shadowing
- Writes to Arbitrary Storage Locations
- Wrong inheritance