Smart Contract Security Guide

A comprehensive collection of smart contract security vulnerabilities, real-world examples, and prevention strategies.

Core Vulnerabilities

Access Control & Authentication

• Access Control Vulnerabilities - Poly Network ($611M) and ShadowFi ($300K) incidents
• Bypass Contract Check - Exploiting contract detection mechanisms
• Transaction Origin Attacks - Phishing attacks using tx.origin
• Signature Replay Attacks - Wintermute's Optimism incident ($20M)

Financial Logic

• Price Manipulation - Mango Markets incident ($115M)
• Flashloan Governance Attacks - Fei Protocol incident ($80M)
• Reentrancy Attacks - The DAO hack and Fei Protocol incidents
• Mixed Balance Accounting - Balance tracking vulnerabilities

Implementation Issues

• Integer Overflow - BeautyChain (BEC) token incident
• Unchecked Low-Level Calls - King of Ether incident
• Bad Randomness - Meebits, Loots, and Wolf Game vulnerabilities
• Downcasting Issues - Safe type conversion practices
• ERC20 Transfer Issues - Token transfer implementation risks
• Selector Collision - Poly Network cross-chain bridge hack

Design Flaws

• Denial of Service (DoS) - Akutar NFT incident
• Excessive Restrictions - Akutars NFT $34M lock incident
• msg.value in Loops - Reuse of msg.value vulnerabilities
• Input Validation - Sushiswap's $3.3M exploit

General Resources

• Smart Contract Security Overview - Best practices and guidelines

Contributing

Feel free to submit pull requests to add new vulnerabilities, update existing content, or improve documentation.