// TODO: Add and explain all the attack vectors that exist on this planet.

List of Security Vulnerabilities

Author: Harendra Shakya (LinkTree)

  • Reentrancy
  • Oracle Manipulation
  • Access Control
    • Authentication With tx.origin
    • Default Visibility
    • Signature Verification
    • Unprotected Ether Withdrawal
    • Unprotected SELFDESTRUCT Instruction
    • Missed Modifier
    • Incorrect Modifier Names
    • Overpowered Roles
  • Signature Replay
  • Unsafe Delegatecalls
  • Sandwich Attacks
  • Flash Loan Attacks
  • Griefing
  • Force Feeding
  • Account Existence Check for low level calls
  • Cross-Chain Bridge manipulation
  • Insecure Randomness
  • Accessing Private Data
  • Authentication With tx.origin
  • Delegatecall
  • Integer Arithmetic
  • Block timestamp Manipulation
  • Unsafe external calls
  • Unchecked return values
  • Proxy Storage Collision
  • Floating Point Arithmetic
  • Code Injection via delegatecall
  • Unchecked External Calls
  • Insufficient Gas Attacks
  • DOS
    • Unexpected Revert
    • Block Gas Limit
    • External Calls without Gas Stipends
  • Offline Owner
  • Entropy Illusion
  • Privacy Illusion
  • Miner Attacks
    • Transaction Ordering / Frontrunning
    • Timestamp Manipulation
  • Unexpected Ether
  • External Contract Referencing
  • Uninitialized Storage Pointers
  • Writes to Arbitrary Storage Locations
  • Incorrect Interface
  • Arbitrary Jumps with Function Variables
  • Variable Shadowing
  • Assert Violation
  • Dirty Higher Order Bits
  • Complex Modifiers
  • Outdated Compiler
  • Use of Deprecated Solidity Functions
  • Function Selector Abuse
  • Experimental Language Features
  • Constructor call
  • Frontend (Off Chain) Attacks
    • Short Address Attack
  • Historic Attacks
    • Constructor Names
    • Call Depth Attack
    • Constantinople Reentrancy
    • Solidity ABI Encoder v2 Bug
  • Payable Multicall
  • Bypass Contract Size Check
  • Code With No Effects
  • Logical Issues
  • Floating Pragma
  • Hash Collisions With Multiple Variable Length Arguments
  • Improper Array Deletion
  • Insufficient gas griefing
  • Unsafe Ownership Transfer
  • Loop through long arrays
  • Message call with hardcoded gas amount
  • Precision Loss in Calculations
  • Hiding Malicious Code with External Contract
  • Public burn
  • Requirement Violation
  • Right-To-Left-Override control character (U+202E)
  • Signature Malleability
  • Transaction Order Dependence
  • Typographical Error
  • Unprotected Upgrades
  • Unused Variable
  • Wrong inheritance
  • Governance Attack
  • Honeypot
