README.md

Smart contract attack vectors

The goal of this repository is to compile all possible smart contract vulnerabilities and resources for learning about them.

Feel free to submit a pull request, with anything from small fixes to docs or tools you'd like to add.

List of Security Vulnerabilities

• Access Control
  • Authentication With tx.origin
  • Default Visibility
  • Signature Verification
  • Unprotected Ether Withdrawal
  • Unprotected SELFDESTRUCT Instruction
  • Missed Modifier
  • Incorrect Modifier Names
  • Overpowered Roles
• Account Existence Check for low level calls
• Arbitrary Jumps with Function Variables
• Assert Violation
• Bypass Contract Size Check
• Code With No Effects
• Complex Modifiers
• DOS
  • Unexpected Revert
  • Block Gas Limit
  • External Calls without Gas Stipends
• Dirty Higher Order Bits
• Entropy Illusion / Insecure Randomness
• Experimental Language Features
• External Contract Referencing
• Flash Loan Attacks
• Floating Point Arithmetic
• Frontend (Off Chain) Attacks
  • Short Address Attack
• Force Feeding
• Function Selector Abuse
• Griefing
• Hiding Malicious Code
• Historic Attacks
  • Constructor Names
  • Call Depth Attack
  • Solidity Abi Encoder v2 Bug
• Improper Array Deletion
• Incorrect Interface
• Insufficient Gas Attacks
• Integer Arithmetic
• Loop through long arrays
• Message call with hardcoded gas amount
• Miner Attacks
  • Transaction Ordering / Frontrunning
  • Timestamp Manipulation
• Offline Owner
• Oracle Manipulation
• Outdated Compiler
• Payable Multicall
• Precision Loss in Calculations
• Privacy Illusion
• Proxy Storage Collision
• Reentrancy
• Right-To-Left-Override control character (U+202E)
• Sandwich Attacks
• Signature Replay
• Unchecked External Calls
• Uninitialized Storage Pointers
• Unprotected Upgrades
• Unsafe Delegatecalls
• Unused Variable
• Use of Deprecated Solidity Functions
• Variable Shadowing
• Writes to Arbitrary Storage Locations
• Wrong inheritance

CTFs

Security Tools

Other useful resources

• The Auditors Book

• CryptoFin Solidity Auditing Checklist

• SWC Registry

• Trail of Bits Reference List

Support Me

Your support is crucial to help me continue doing what I love - educating DeFi & Crypto users.

If you find value in my work and want to support my work, you can send me a donation to the address -

• Ethereum/Polygon/BSC/Arbiturm/etc Address – 0xB8B14B7f0E4dF000f0654aF98498d52e567F2bfE

• Solana Address – 2fM5d1cupj2Mceh1wSYTrq1PSz2JbTbcYipJ4RxRSgMB

• Bitcoin – bc1q5nmjw8x40upjd3k9akpmtj682xa3zus7sr7rm3

• DogeCoin - DPFhZeZkybzLZj3ReJPdWHnDzv1zU5pugA

• LiteCoin - ltc1qzs3tj276zdjtuv5qy7aww3cc3frus8yvjdukln

• Binance Referral Link

Much much thanks every single one of you! Your support enables me to create more content, improve the quality of my work, and ultimately make a positive impact on the community.

Linktree

Thank you! Stay safe!